updating key examination

Author: cyphronix

aws_sra_examples/solutions/genai/bedrock_org/lambda/src/sra_kms.py

@@ -141,7 +141,8 @@ def schedule_key_deletion(self, kms_client: KMSClient, key_id: str, pending_wind
 
     def search_key_policies(self, kms_client: KMSClient, key_policy: str) -> tuple[bool, str]:
         for key in self.list_all_keys(kms_client):
-            if kms_client.describe_key(KeyId=key["KeyId"])["KeyMetadata"]["KeyState"] == "PendingDeletion":
+            self.LOGGER.info(f"Examining state of key: {key['KeyId']}")
+            if kms_client.describe_key(KeyId=key["KeyId"])["KeyMetadata"]["KeyState"] != "Enabled":
                 self.LOGGER.info(f"Skipping pending deletion key: {key['KeyId']}")
                 continue
             self.LOGGER.info(f"Examinining policies in {key} kms key...")