From a06dce562f52b204b7fc0ede2f1f8160b9bd544c Mon Sep 17 00:00:00 2001
From: Juwon
Date: Wed, 7 Aug 2024 20:55:23 +0900
Subject: [PATCH] Add feature : KMS bp check
---
 services/kms.py | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/services/kms.py b/services/kms.py
index 8eda301..bd16a19 100644
--- a/services/kms.py
+++ b/services/kms.py
@@ -2,10 +2,24 @@ from models import RuleCheckResult
 import boto3
-# client = boto3.client("")
+client = boto3.client("kms")
 def cmk_backing_key_rotation_enabled():
+ compliant_resources = []
+ non_compliant_resources = []
+ keys = client.list_keys()["Keys"]
+
+ for key in keys:
+ response = client.get_key_rotation_status(KeyId=key["KeyId"])
+
+ if response["KeyRotationEnabled"] == True:
+ compliant_resources.append(response["KeyId"])
+ else:
+ non_compliant_resources.append(response["KeyId"])
+
 return RuleCheckResult(
- passed=False, compliant_resources=[], non_compliant_resources=[]
+ passed=not non_compliant_resources,
+ compliant_resources=compliant_resources,
+ non_compliant_resources=non_compliant_resources,
 )
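Review bot: `client.list_keys()["Keys"]` reads only the first page of results, so in an account with more keys than one page holds the rest are never checked and `passed` can come back true while unrotated keys exist; iterate `for page in client.get_paginator("list_keys").paginate():` and loop over `page["Keys"]` instead. Inside the loop, any error raised by `get_key_rotation_status` (for instance a key the caller's role is not allowed to read) aborts the whole check rather than recording that key as unverified, and the id is taken from `response["KeyId"]`, which may be absent from the response on older SDK/API versions, whereas `key["KeyId"]` from the listing is always there. The rule name says CMK, but `list_keys` also returns AWS managed keys, so the result lists presumably should be limited to keys whose `describe_key` metadata has `KeyManager == "CUSTOMER"`; please confirm against the intended rule definition. As a style point, `== True` can be dropped in favour of `if response["KeyRotationEnabled"]:`.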