The existing rule requires the list of key ids to be passed as a parameter.
Please provide an option to scan ALL CMKs.
This rule is difficult to deploy in practice as part of CloudFormation automation. Whenever a new CMK is added to CloudFormation, first the CMK must be created then this rule is updated and rerun adding the new keyid.
Hello,
The existing rule requires the list of key ids to be passed as a parameter.
Please provide an option to scan ALL CMKs.
This rule is difficult to deploy in practice as part of CloudFormation automation. Whenever a new CMK is added to CloudFormation, first the CMK must be created then this rule is updated and rerun adding the new keyid.
Thanks