fluidasserts.cloud.aws.cloudformation.kms module

AWS CloudFormation checks for KMS (Key Management Service).

Some rules were taken from CFN_NAG

fluidasserts.cloud.aws.cloudformation.kms.is_key_rotation_absent_or_disabled(path, exclude=None)

Check if any KMS::Key is miss configured.

The following checks are performed:

  • F19 EnableKeyRotation should not be false or absent on KMS::Key resource

  • path (str) – Location of CloudFormation’s template file.

  • exclude (typing.Optional[typing.List[str]]) – Paths that contains any string from this list are ignored.


  • OPEN if any of the referenced rules is not followed.

  • UNKNOWN on errors.

  • CLOSED otherwise.

Return type