making sure agentless scanning kms key uses rotation (#22)

miguelpais · web-flow · commit 1900a66e0fb2 · 2024-10-30T08:47:07.000+01:00
diff --git a/modules/agentless-scanning/main.tf b/modules/agentless-scanning/main.tf
@@ -417,6 +417,7 @@ Resources:
         Description: "Sysdig Agentless Scanning encryption key"
         PendingWindowInDays: ${var.kms_key_deletion_window}
         KeyUsage: "ENCRYPT_DECRYPT"
+        EnableKeyRotation: true   # Enables automatic yearly rotation
         KeyPolicy:
           Id: ${local.scanning_resource_name}
           Statement:
diff --git a/modules/agentless-scanning/organizational.tf b/modules/agentless-scanning/organizational.tf
@@ -181,6 +181,7 @@ Resources:
         Description: "Sysdig Agentless Scanning encryption key"
         PendingWindowInDays: ${var.kms_key_deletion_window}
         KeyUsage: "ENCRYPT_DECRYPT"
+        EnableKeyRotation: true   # Enables automatic yearly rotation
         KeyPolicy:
           Id: ${local.scanning_resource_name}
           Statement:
