ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 23:05:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't fail check extra737 for keys scheduled for deletion

Browse Source
This commit is contained in:
Quinn Stevens
2020-07-24 12:44:57 +01:00
parent 9b1c152607
commit e58d8cbc8d
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
checks/check_extra737
View File

@@ -24,7 +24,10 @@ extra737(){
if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
CHECK_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx --output text)
if [[ $CHECK_ROTATION == "False" ]]; then
CHECK_STATUS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx | jq -r '.KeyMetadata.KeyState')
if [[ $CHECK_STATUS == "PendingDeletion" ]]; then
textInfo "$regx: KMS key $key is pending deletion and cannot be rotated" "$regx"
elif [[ $CHECK_ROTATION == "False" ]]; then
textFail "$regx: KMS key $key has rotation disabled!" "$regx"
else
textPass "$regx: KMS key $key has rotation enabled" "$regx"