github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ssm/AVD-AWS-0098/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ssm/AVD-AWS-0098/Terraform.md (about)

     1  
     2  Use customer managed keys
     3  
     4  ```hcl
     5   resource "aws_kms_key" "secrets" {
     6   	enable_key_rotation = true
     7   }
     8   
     9   resource "aws_secretsmanager_secret" "good_example" {
    10     name       = "lambda_password"
    11     kms_key_id = aws_kms_key.secrets.arn
    12   }
    13   
    14  ```
    15  
    16  #### Remediation Links
    17   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret#kms_key_id
    18