Policy: GCP > KMS > Crypto Key > Approved > Custom
Determine whether the GCP KMS crypto key is allowed to exist. This policy will be evaluated by the Approved control. If a GCP KMS crypto key is not approved, it will be subject to the action specified in the GCP > KMS > Crypto Key > Approved
policy. See Approved for more information.
Note: The policy value must be a string with a value of Approved
, Not approved
or Skip
, or in the form of YAML objects. The object(s) must contain the key result
with its value as Approved
or Not approved
. A custom title and message can also be added using the keys title
and message
respectively.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Policy Packs
This policy setting is used by the following policy packs:
- GCP CIS v2.0.0 - Section 1 - Identity and Access Management
- Check If GCP KMS Crypto Keys Are Rotated Regularly
Policy Specification
Default |
|
---|---|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceApproved
- tmod:@turbot/gcp-kms#/policy/types/cryptoKeyApprovedCustom
- turbot graphql policy-type --id "tmod:@turbot/gcp-kms#/policy/types/cryptoKeyApprovedCustom"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-kms#/policy/types/cryptoKeyApprovedCustom"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI