Bug: AWS KMS Customer Master Keys (CMKs) with Rotation Disabled for Asymmetric Keys
ph-l opened this issue
ph commented
Describe the bug
From: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
You cannot automatically rotate asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in custom key stores
The rule currently excludes keys with imported key material. It should also exclude keys with HMAC keys, asymmetric keys, and keys in custom key stores.
To Reproduce
Create an AWS KMS key used for signing and verifying:
aws kms create-key \
    --key-spec ECC_NIST_P521 \
    --key-usage SIGN_VERIFY
Additional context
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
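The exclusion logic the issue asks for, as an added example that is not code from the project this issue was filed against. It assumes the rule can see the `KeyMetadata` fields returned by KMS `DescribeKey` (`KeySpec`, `Origin`, `CustomKeyStoreId`); the function names and the sample keys are constructed for illustration.

```python
# Added example: decide whether a "rotation disabled" finding applies to a key.
# Input dicts mirror the KeyMetadata structure returned by KMS DescribeKey.

def rotation_exemption(meta):
    """Return why automatic rotation is unavailable for this key, or None."""
    origin = meta.get("Origin", "AWS_KMS")
    if origin == "EXTERNAL":
        return "imported key material"
    if meta.get("CustomKeyStoreId") or origin in ("AWS_CLOUDHSM", "EXTERNAL_KEY_STORE"):
        return "custom key store"
    spec = meta.get("KeySpec", "SYMMETRIC_DEFAULT")
    if spec.startswith("HMAC_"):
        return "HMAC key"
    if spec != "SYMMETRIC_DEFAULT":
        # Every remaining key spec (RSA_*, ECC_*, ...) is an asymmetric key pair.
        return "asymmetric key"
    return None


def evaluate(meta, rotation_enabled):
    """Return (status, detail) where status is PASS, FAIL or SKIP.

    rotation_enabled is the KeyRotationEnabled value from GetKeyRotationStatus,
    or None when the call was not made or is unsupported for the key.
    """
    reason = rotation_exemption(meta)
    if reason:
        return ("SKIP", "automatic rotation not supported: " + reason)
    if rotation_enabled:
        return ("PASS", "automatic rotation enabled")
    return ("FAIL", "automatic rotation disabled")


# Constructed sample keys; the first matches the create-key call in the issue.
SAMPLES = [
    ({"KeyId": "k-sign", "KeySpec": "ECC_NIST_P521", "KeyUsage": "SIGN_VERIFY",
      "Origin": "AWS_KMS"}, None),
    ({"KeyId": "k-hmac", "KeySpec": "HMAC_256", "KeyUsage": "GENERATE_VERIFY_MAC",
      "Origin": "AWS_KMS"}, None),
    ({"KeyId": "k-hsm", "KeySpec": "SYMMETRIC_DEFAULT", "Origin": "AWS_CLOUDHSM",
      "CustomKeyStoreId": "cks-example"}, None),
    ({"KeyId": "k-import", "KeySpec": "SYMMETRIC_DEFAULT", "Origin": "EXTERNAL"}, None),
    ({"KeyId": "k-sym", "KeySpec": "SYMMETRIC_DEFAULT", "Origin": "AWS_KMS"}, False),
]

if __name__ == "__main__":
    for meta, enabled in SAMPLES:
        print(meta["KeyId"], *evaluate(meta, enabled))
```

Reporting exempt keys as SKIP with a reason, rather than dropping them silently, keeps them visible for a manual rotation review.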