Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading policies...

Policy: AWS > KMS > Key > Approved > Custom

Determine whether the AWS KMS key is allowed to exist. This policy will be evaluated by the Approved control. If an AWS KMS key is not approved, it will be subject to the action specified in the AWS > KMS > Key > Approved policy. See Approved for more information.

Note: The policy value must be a string with a value of Approved, Not approved or Skip, or in the form of YAML objects. The object(s) must contain the key result with its value as Approved or Not approved. A custom title and message can also be added using the keys title and message respectively.

Targets

This policy targets the following resource types:

  • AWS > KMS > Key

Primary Policy

This policy is used with the following primary policy:

  • AWS > KMS > Key > Approved

Controls

Setting this policy configures this control:

  • AWS > KMS > Key > Approved

Policy Specification

Default
Skip
Examples [YAML]
  • Approved

  • result: Approved

  • title: KeyState
result: Approved

  • title: KeyState
message: KeyState is Enabled
result: Approved

  • title: KeyRotationStatus
message: KeyRotationStatus is not true
result: Not approved

  • - title: KeyState
  message: KeyState is Enabled
  result: Approved
- title: KeyRotationStatus
  message: KeyRotationStatus is not true
  result: Not approved

Category

  • Resource > Approved

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/turbot#/control/categories/resourceApproved
    • Policy Type URI
    • tmod:@turbot/aws-kms#/policy/types/keyApprovedCustom
    • GraphQL
    • query policyType(id: "tmod:@turbot/aws-kms#/policy/types/keyApprovedCustom") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-kms#/policy/types/keyApprovedCustom'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-kms#/policy/types/keyApprovedCustom'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/aws-kms#/policy/types/keyApprovedCustom"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-kms#/policy/types/keyApprovedCustom"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
182
Mods
518
Resource Types
8,936
Policies
3,489
Controls
1,929
Quick Actions
544
IAM