Skip to main content

🔌 AWS KMS Key - object.extracts.yaml

  • Contextual name: 🔌 object.extracts.yaml
  • ID: /types/CA10__CaAwsKmsKey__c/object.extracts.yaml

Used In

LogicPolicyFlags
🧠 prod.logic.yaml🟢🛡️ AWS CloudTrail is not encrypted with KMS CMK🟢🟢 x3
🧠 prod.logic.yaml🟢🛡️ AWS EBS Attached Volume is not encrypted with KMS CMK🟢🟢 x3
🧠 prod.logic.yaml🟢🛡️ AWS EFS File System is not encrypted with KMS CMK🟢🟢 x3
🧠 prod.logic.yaml🟢🛡️ AWS KMS CMK is scheduled for deletion🟢🟢 x3
🧠 prod.logic.yaml🟢🛡️ AWS KMS Key Policy allows public access🟢🟢 x3
🧠 prod.logic.yaml🟢🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢🟢 x3

Content

Open File

---
extracts:
# Values: Creating, Enabled, Disabled, PendingDeletion, PendingImport, PendingReplicaDeletion, Unavailable, Updating. Not nullable.
  - name: "CA10__state__c"
    value: 
      FIELD:
        path: "CA10__state__c"
        undeterminedIf:
          noAccessDelegate: 
            path: "CA10__state__c"
            currentStateMessage: "Unable to determine Key state. Possible permission issue with kms:DescribeKey."
          isEmpty: "KMS Key state is not populated yet."
# Values: RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SYMMETRIC_DEFAULT, HMAC_224, HMAC_256, HMAC_384, HMAC_512, SM2
# Not nullable
  - name: "CA10__keySpec__c"
    value: 
      FIELD:
        path: "CA10__keySpec__c"
        undeterminedIf:
          noAccessDelegate: 
            path: "CA10__keySpec__c"
            currentStateMessage: "Unable to determine Key state. Possible permission issue with kms:DescribeKey."
          isEmpty: "KMS Key state is not populated yet."
# Checkbox.
  - name: "CA10__rotationEnabled__c"
    value: 
      FIELD:
        path: "CA10__rotationEnabled__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__rotationEnabled__c"
            currentStateMessage: "Unable to determine Key Rotation status. Possible permission issue with kms:GetKeyRotationStatus."
# Nullable.
  - name: "CA10__deletionDate__c"
    value: 
      FIELD:
        path: "CA10__deletionDate__c"
# Values: AWS | Customer. Not Nullable.
  - name: "CA10__manager__c"
    value: 
      FIELD:
        path: "CA10__manager__c"
        undeterminedIf:
          noAccessDelegate: 
            path: "CA10__manager__c"
            currentStateMessage: "Unable to determine Key Manager. Possible permission issue with kms:DescribeKey."