Checkmarx / kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
https://kics.io
Apache License 2.0

query(terraform): false positive - kms key policy #6707

Open rdkls opened 1 year ago

rdkls commented 1 year ago

Platform

Terraform

Provider

AWS

Description

Query 7ebc9038-0bde-479a-acc4-6ed7b6758899 https://docs.kics.io/latest/queries/terraform-queries/aws/7ebc9038-0bde-479a-acc4-6ed7b6758899

Generates a false positive when using Terraform's new way to attach KMS Key policies, using the aws_kms_key_policy resource instead of inline.

freitasmillena commented 1 year ago

Hi, @rdkls!

Thank you so much for contributing and helping to make KICS better :) Can you please provide us with the example file that generates the false positive? Also, if you want, feel free to collaborate on the issue by opening a PR and we will review it as soon as possible!

Thank you, KICS Team.

biker2o commented 1 month ago

See the following Terraform links and example code

"NOTE on KMS Key Policy: KMS Key Policy can be configured in either the standalone resource aws_kms_key_policy or with the parameter policy in this resource. Configuring with both will cause inconsistencies and may overwrite configuration."

@freitasmillena Any update on this false positive? We are running into this as well.
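The following is an added illustration of the pattern reported in this thread, not code from KICS or from any participant. It assumes a rule that inspects only the inline policy argument of aws_kms_key, and shows how correlating aws_kms_key_policy resources by their key_id reference removes the false positive; the resource names and the Terraform JSON sample are constructed.

```python
import re

# Constructed sample in Terraform JSON syntax (.tf.json); all names are illustrative.
SAMPLE_TF = {
    "resource": {
        "aws_kms_key": {
            "inline": {"description": "policy set inline",
                       "policy": "{\"Version\":\"2012-10-17\"}"},
            "standalone": {"description": "policy attached separately"},
            "bare": {"description": "no policy anywhere"},
        },
        "aws_kms_key_policy": {
            "standalone": {
                "key_id": "${aws_kms_key.standalone.id}",
                "policy": "{\"Version\":\"2012-10-17\"}",
            }
        },
    }
}

# Matches managed-resource references such as aws_kms_key.NAME.id, but not
# data.aws_kms_key.NAME.id or aws_kms_key_policy.NAME.id.
KEY_REF = re.compile(r"(?<![\w.])aws_kms_key\.([A-Za-z0-9_-]+)\.(?:id|key_id|arn)\b")


def keys_with_standalone_policy(config):
    """Names of aws_kms_key resources referenced by an aws_kms_key_policy."""
    covered = set()
    policies = config.get("resource", {}).get("aws_kms_key_policy", {})
    for body in policies.values():
        match = KEY_REF.search(str(body.get("key_id", "")))
        if match and body.get("policy"):
            covered.add(match.group(1))
    return covered


def keys_without_policy(config, follow_standalone=True):
    """Keys with no inline policy and, optionally, no standalone policy either."""
    keys = config.get("resource", {}).get("aws_kms_key", {})
    covered = keys_with_standalone_policy(config) if follow_standalone else set()
    return sorted(name for name, body in keys.items()
                  if not body.get("policy") and name not in covered)


if __name__ == "__main__":
    print("inline-only check:", keys_without_policy(SAMPLE_TF, follow_standalone=False))
    print("with correlation: ", keys_without_policy(SAMPLE_TF))
```

A key whose policy reference cannot be resolved statically (for example a hard-coded key ID or a module output) still shows up as a finding here, which keeps the check conservative.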