AWS_KMS_5

Ensure there are no Unused Customer Master Keys

Description

Check for any disabled KMS Customer Master Keys (CMKs) in your AWS account and remove them. A disabled customer managed key is still billed each month until it is scheduled for deletion, so deleting keys you no longer use lowers the cost of your monthly AWS bill.

Remediation

1. Sign in to the AWS Management Console.

2. Navigate to IAM dashboard.

3. In the left navigation panel, click Encryption Keys.

4. Select the appropriate AWS region from the Filter menu.

5. Check for any disabled customer master keys under the Status column.

6. Select the disabled key.

7. Click on the Key Actions dropdown menu and select Schedule key deletion.

8. In the Schedule key deletion dialog box, under the Waiting period (in days) section, enter a value between 7 and 30 (days) and click Schedule deletion.

9. The status of the selected key should change to Pending Deletion.
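The same check and remediation, expressed against the KMS API rather than the console, as an added example that is not part of this page. The key metadata dictionaries below are constructed sample data in the shape of the `KeyMetadata` object returned by the KMS `DescribeKey` API; in a real run they would come from `boto3`'s `kms.list_keys()` and `kms.describe_key(KeyId=...)`, and the planned requests would be passed to `kms.schedule_key_deletion(...)`. The helper names (`unused_customer_keys`, `schedule_deletion_request`, `plan_remediation`) are this example's own.

```python
"""Find disabled customer managed KMS keys and build ScheduleKeyDeletion requests.

Added example, not code from the original page. It mirrors the console steps
above: list keys in a region, keep the ones that are customer managed and
Disabled, and schedule each for deletion with a 7-30 day waiting period.
"""

# Constructed sample data: DescribeKey KeyMetadata for each key in one region.
SAMPLE_KEYS = [
    {"KeyId": "11111111-aaaa-4bbb-8ccc-000000000001", "KeyState": "Enabled",
     "KeyManager": "CUSTOMER", "Description": "app data key"},
    {"KeyId": "22222222-aaaa-4bbb-8ccc-000000000002", "KeyState": "Disabled",
     "KeyManager": "CUSTOMER", "Description": "legacy backups key"},
    {"KeyId": "33333333-aaaa-4bbb-8ccc-000000000003", "KeyState": "Disabled",
     "KeyManager": "AWS", "Description": "AWS managed key, not deletable by the account"},
    {"KeyId": "44444444-aaaa-4bbb-8ccc-000000000004", "KeyState": "PendingDeletion",
     "KeyManager": "CUSTOMER", "Description": "already scheduled"},
]

MIN_WAITING_DAYS = 7   # lower bound KMS accepts for PendingWindowInDays
MAX_WAITING_DAYS = 30  # upper bound KMS accepts for PendingWindowInDays


def unused_customer_keys(keys):
    """Return the KeyIds that are customer managed and in the Disabled state.

    AWS managed keys (KeyManager == "AWS") cannot be deleted by the account,
    and keys already in PendingDeletion need no further action, so both are
    skipped even though their state is not Enabled.
    """
    return [
        k["KeyId"]
        for k in keys
        if k["KeyManager"] == "CUSTOMER" and k["KeyState"] == "Disabled"
    ]


def schedule_deletion_request(key_id, waiting_days):
    """Build the parameters for one ScheduleKeyDeletion call.

    The waiting period is validated up front against the same 7-30 day window
    the console dialog enforces, so a typo cannot produce a request the API
    would reject or a recovery window shorter than intended.
    """
    if not MIN_WAITING_DAYS <= waiting_days <= MAX_WAITING_DAYS:
        raise ValueError(
            f"waiting period must be {MIN_WAITING_DAYS}-{MAX_WAITING_DAYS} days, "
            f"got {waiting_days}"
        )
    return {"KeyId": key_id, "PendingWindowInDays": waiting_days}


def plan_remediation(keys, waiting_days=MAX_WAITING_DAYS):
    """Return one ScheduleKeyDeletion request per unused customer managed key."""
    return [
        schedule_deletion_request(key_id, waiting_days)
        for key_id in unused_customer_keys(keys)
    ]


if __name__ == "__main__":
    # With boto3 this would be: kms.schedule_key_deletion(**req) for each request.
    for req in plan_remediation(SAMPLE_KEYS):
        print("would call ScheduleKeyDeletion with", req)
```

The default waiting period is set to the maximum of 30 days on purpose: a key in Pending Deletion can still be cancelled and re-enabled during that window, and once the period ends any data encrypted under it is unrecoverable, so the longest window gives the most time to notice a dependency that was missed.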

Service

KMS

Severity

Low

Compliance

Mapping
