
query(terraform): false positive - kms key policy

Open rdkls opened this issue 1 year ago • 2 comments

Platform

Terraform

Provider

AWS

Description

Query 7ebc9038-0bde-479a-acc4-6ed7b6758899 https://docs.kics.io/latest/queries/terraform-queries/aws/7ebc9038-0bde-479a-acc4-6ed7b6758899

Generates a false positive when using Terraform's new way to attach KMS Key policies using the aws_kms_key_policy resource instead of inline.

rdkls avatar Sep 07 '23 11:09 rdkls

Hi, @rdkls!

Thank you so much for contributing and helping to make KICS better :) Can you please provide us with the example file that generates the false positive? Also, if you want, feel free to collaborate on the issue by opening a PR and we will review it as soon as possible!

Thank you, KICS Team.

freitasmillena avatar Sep 07 '23 15:09 freitasmillena

See the following Terraform links and example code

  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key
  • https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key_policy

"NOTE on KMS Key Policy: KMS Key Policy can be configured in either the standalone resource aws_kms_key_policy or with the parameter policy in this resource. Configuring with both will cause inconsistencies and may overwrite configuration."

@freitasmillena Any update on this False Positive? We are running into this as well.

biker2o avatar Jul 26 '24 16:07 biker2o
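One way to triage findings of this kind outside the scanner, as an added example that is not code from this thread or from KICS: it reads the `configuration` section of `terraform show -json` output and labels each `aws_kms_key` by whether its policy is inline, attached through a standalone `aws_kms_key_policy`, set in both places (the case the provider note warns about), or absent. The sample plan and resource names are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: the "configuration" section of `terraform show -json`,
# trimmed to the fields read below. All resource names are made up.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_kms_key.inline", "type": "aws_kms_key",
   "expressions": {"policy": {"references": ["data.aws_iam_policy_document.k"]}}},
  {"address": "aws_kms_key.standalone", "type": "aws_kms_key",
   "expressions": {"description": {"constant_value": "policy attached separately"}}},
  {"address": "aws_kms_key_policy.standalone", "type": "aws_kms_key_policy",
   "expressions": {
     "key_id": {"references": ["aws_kms_key.standalone.id", "aws_kms_key.standalone"]},
     "policy": {"references": ["data.aws_iam_policy_document.k"]}}},
  {"address": "aws_kms_key.bare", "type": "aws_kms_key", "expressions": {}}
]}}}
""")

LABELS = {(True, True): "both", (True, False): "inline",
          (False, True): "standalone", (False, False): "none"}


def classify_module(module, prefix=""):
    """Label each aws_kms_key in one module by where its policy comes from."""
    resources = module.get("resources", [])
    # Addresses referenced by the key_id of any standalone policy resource.
    attached = set()
    for res in resources:
        if res["type"] == "aws_kms_key_policy":
            key_id = res.get("expressions", {}).get("key_id", {})
            attached.update(key_id.get("references", []))
    verdicts = {}
    for res in resources:
        if res["type"] == "aws_kms_key":
            inline = "policy" in res.get("expressions", {})
            standalone = res["address"] in attached
            verdicts[prefix + res["address"]] = LABELS[(inline, standalone)]
    # Addresses and references are module-relative, so recurse per module.
    for name, call in module.get("module_calls", {}).items():
        child = call.get("module", {})
        verdicts.update(classify_module(child, f"{prefix}module.{name}."))
    return verdicts


def classify_kms_keys(plan):
    return classify_module(plan["configuration"]["root_module"])
```

A key whose policy resource lives in a different module than the key itself is reported as `none` by this sketch, because the match is done per module.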