Query: kms_cmk_rotation_enabled

select
  arn as resource,
  case
    when origin = 'EXTERNAL' then 'skip'
    when customer_master_key_spec <> 'SYMMETRIC_DEFAULT' then 'skip'
    when key_state = 'PendingDeletion' then 'skip'
    when key_state = 'Disabled' then 'skip'
    when not key_rotation_enabled then 'alarm'
    else 'ok'
  end as status,
  case
    when origin = 'EXTERNAL' then title || ' has imported key material.'
    when customer_master_key_spec <> 'SYMMETRIC_DEFAULT' then title || ' is non-symmetric customer key.'
    when key_state = 'PendingDeletion' then title || ' is pending deletion.'
    when key_state = 'Disabled' then title || ' is disabled.'
    when not key_rotation_enabled then title || ' key rotation disabled.'
    else title || ' key rotation enabled.'
  end as reason
  
  , region, account_id
from
  aws_kms_key
where
  key_manager = 'CUSTOMER';