AWS
Examples about KMS
Reject if a custom KMS key is created without key rotation
Scenario: Reject if a custom KMS key is created without key rotation
Given I have aws_kms_key defined
Then it must contain enable_key_rotation
And its value must be true
Reject if a custom KMS key is created with over permissive policy with * value
Scenario: Reject if a custom KMS key is created with over permissive policy with * value
Given I have aws_kms_key defined
When it contains policy
And it contains Statement
And its Effect is Allow
And it contains Principal
Then its value must not match the "\*" regex
Reject if a custom KMS key is created with over permissive policy which allows access to accounts other than specific accounts
Scenario: Reject if a custom KMS key is created with over permissive policy which allows access to accounts other than specific accounts
Given I have aws_kms_key defined
When it contains policy
And it contains Statement
And its Effect is Allow
And it contains Principal
Then its value must match the ".*123456789012|.*.amazonaws.com" regex