KMS keys should be rotated at least every 90 days
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | kms |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
KMS cryptographic keys are configured with a rotation period longer than 90 days, increasing the window during which a compromised key can be abused. Regular rotation is not enforced, leaving keys active for extended durations.
Impact
If a key is compromised, attackers can use it for a longer time without detection or mitigation, potentially leading to unauthorized data access, persistent decryption of sensitive information, and prolonged exposure of critical resources.
Resolution
Set key rotation period to 90 days
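
One way to check this rule across a key inventory, as an added example rather than the rule's own implementation. It assumes each key is a dict with a hypothetical `name` and a `rotation_period` written as a number plus `s`, `m`, `h` or `d` (for example `7776000s`), and it reports keys with no period or an unparseable one as findings too.

```python
import re

MAX_ROTATION_SECONDS = 90 * 24 * 60 * 60  # 90 days = 7,776,000 seconds
# Assumption: durations are "<number><unit>", unit one of s, m, h, d.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
DURATION_RE = re.compile(r"^(\d+)([smhd])$")

# Constructed sample inventory (names and values are illustrative only).
SAMPLE_KEYS = [
    {"name": "billing-key", "rotation_period": "7776000s"},  # exactly 90 days
    {"name": "backup-key", "rotation_period": "90d"},
    {"name": "logs-key", "rotation_period": "31536000s"},    # 365 days
    {"name": "rotate-91", "rotation_period": "91d"},
    {"name": "archive-key"},                                  # rotation never set
    {"name": "scratch-key", "rotation_period": "3 months"},  # unparseable
]


def parse_rotation_period(value):
    """Return the period in seconds, or None when rotation is not configured."""
    if value is None or not str(value).strip():
        return None
    match = DURATION_RE.match(str(value).strip().lower())
    if not match:
        raise ValueError(f"unrecognised rotation period: {value!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def audit_keys(keys):
    """Return (key name, reason) findings for keys that break the 90-day rule."""
    findings = []
    for key in keys:
        name = key.get("name", "<unnamed>")
        try:
            seconds = parse_rotation_period(key.get("rotation_period"))
        except ValueError as exc:
            findings.append((name, str(exc)))  # fail closed on bad input
            continue
        if not seconds:  # missing or zero: the key is never rotated
            findings.append((name, "no rotation period set"))
        elif seconds > MAX_ROTATION_SECONDS:
            findings.append((name, f"rotation period {seconds}s exceeds {MAX_ROTATION_SECONDS}s"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_keys(SAMPLE_KEYS):
        print(f"FAIL {name}: {reason}")
```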