AWS_KMS_3

Ensure a customer created Customer Master Key (CMK) has been created

Description

By default, AWS Key Management Service (KMS) provides service-managed Customer Master Keys (CMKs). Customers can also create their own CMKs, which allows key rotation and a key policy to be configured for the customer-created CMK. The key policy alone can be used to control who has access to the CMK and which actions each identity may perform; controlling access this way specifies the full scope of access to the CMK in a single document (the key policy).
Customer-created CMKs can be used for:

  • AWS service-level encryption (e.g. EBS, RDS, S3)
  • Key management for file/application level encryption

Remediation

Using the Amazon unified command line interface:

  • If there is no alias listed, create a new KMS key and note the "KeyId" element of the output:
    aws kms create-key
  • Create an alias for the Web tier key using the above KeyId:
    aws kms create-alias --alias-name alias/<alias-name> --target-key-id <KeyId>
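The check itself, scripted over the `KeyMetadata` returned by `aws kms describe-key` and the entries returned by `aws kms list-aliases`, added here as an example that is not part of the original check page. It separates AWS-managed service keys (`KeyManager` = `AWS`) from customer-created CMKs, flags enabled CMKs that still lack an alias, and returns PASS only when at least one enabled customer-created CMK exists; key IDs, descriptions and alias names below are constructed sample values.

```python
# Constructed sample data in the shape of `aws kms describe-key` KeyMetadata
# and `aws kms list-aliases` output (IDs and names are made up).
SAMPLE_KEYS = [
    {"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "AWS",
     "KeyState": "Enabled", "Description": "Default key that protects EBS volumes"},
    {"KeyId": "5678efgh-56ef-78gh-90ij-5678901234cd", "KeyManager": "CUSTOMER",
     "KeyState": "Enabled", "Description": "Web tier key"},
    {"KeyId": "9012ijkl-90ij-12kl-34mn-9012345678ef", "KeyManager": "CUSTOMER",
     "KeyState": "PendingDeletion", "Description": "Old app key"},
]
SAMPLE_ALIASES = [
    {"AliasName": "alias/aws/ebs", "TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"},
    {"AliasName": "alias/web-tier", "TargetKeyId": "5678efgh-56ef-78gh-90ij-5678901234cd"},
]


def customer_cmks(key_metadata, aliases):
    """Return customer-created CMKs with their state and any aliases pointing at them."""
    alias_map = {}
    for alias in aliases:
        alias_map.setdefault(alias.get("TargetKeyId"), []).append(alias["AliasName"])
    cmks = []
    for meta in key_metadata:
        # Service-managed keys (alias/aws/...) do not count as customer-created CMKs.
        if meta.get("KeyManager") != "CUSTOMER":
            continue
        cmks.append({
            "KeyId": meta["KeyId"],
            "KeyState": meta.get("KeyState"),
            "Aliases": alias_map.get(meta["KeyId"], []),
        })
    return cmks


def check_aws_kms_3(key_metadata, aliases):
    """AWS_KMS_3 passes when at least one customer-created CMK exists and is Enabled.

    Keys pending deletion or disabled are not usable and do not satisfy the check.
    Enabled CMKs without an alias are reported so the remediation step can be applied.
    """
    enabled = [c for c in customer_cmks(key_metadata, aliases) if c["KeyState"] == "Enabled"]
    return {
        "status": "PASS" if enabled else "FAIL",
        "enabled_cmks": enabled,
        "unaliased": [c["KeyId"] for c in enabled if not c["Aliases"]],
    }
```

On a real account, feed the function the `KeyMetadata` objects from `describe-key` for every key returned by `aws kms list-keys`, since `list-keys` alone does not expose `KeyManager` or `KeyState`.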

Service

KMS

Severity

Low

Compliance

Mapping
