AWS_KMS_6

Ensure there are no KMS Customer Master Keys Pending Deletion

Description

Identify any disabled AWS KMS Customer Master Keys (CMKs) that have been accidentally or intentionally scheduled for deletion, in order to prevent losing any data encrypted with these keys.

Remediation

1. Sign in to the AWS Management Console.

2. Navigate to the IAM dashboard.

3. In the left navigation panel, click Encryption Keys.

4. Select the appropriate AWS region from the Filter menu.

5. Under the Status column, check for any keys scheduled for deletion, i.e. keys whose current status is Pending Deletion.

6. Select the key, click the Key Actions button in the dashboard top menu and select Cancel key deletion. Once the scheduled deletion is canceled, the key status moves from ‘Pending Deletion’ to ‘Disabled’.
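The same check and remediation as a script rather than console clicks, added here as an example that is not part of this rule text and goes beyond the console steps by scanning every key in a region. It assumes a boto3 KMS client for the live scan; the SAMPLE_KEYS metadata is constructed in the shape describe_key returns so the detection logic runs offline.

```python
from datetime import datetime, timezone

# Constructed sample: KeyMetadata dicts in the shape kms.describe_key() returns.
SAMPLE_KEYS = [
    {"KeyId": "1111-app-data", "KeyState": "Enabled", "KeyManager": "CUSTOMER"},
    {"KeyId": "2222-legacy-backups", "KeyState": "PendingDeletion",
     "KeyManager": "CUSTOMER",
     "DeletionDate": datetime(2024, 3, 20, tzinfo=timezone.utc)},
    {"KeyId": "3333-rotated-out", "KeyState": "Disabled", "KeyManager": "CUSTOMER"},
    {"KeyId": "4444-aws-s3", "KeyState": "Enabled", "KeyManager": "AWS"},
]
SAMPLE_NOW = datetime(2024, 3, 10, tzinfo=timezone.utc)  # constructed "today"


def find_pending_deletion(keys, now=None):
    """Findings for customer-managed keys in PendingDeletion, most urgent first."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for meta in keys:
        # AWS-managed keys cannot be scheduled for deletion; only CUSTOMER keys matter.
        if meta.get("KeyManager") != "CUSTOMER" or meta.get("KeyState") != "PendingDeletion":
            continue
        deletion_date = meta.get("DeletionDate")
        # Days left in the waiting period before the key (and its data) is gone for good.
        days_left = (deletion_date - now).days if deletion_date else None
        findings.append({"KeyId": meta["KeyId"], "DeletionDate": deletion_date,
                         "DaysLeft": days_left})
    findings.sort(key=lambda f: (f["DaysLeft"] is None, f["DaysLeft"] or 0))
    return findings


def scan_region(kms):
    """Live scan with a boto3 KMS client (assumed): list every key, describe it,
    and return the pending-deletion findings for that region."""
    metadata = []
    for page in kms.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            metadata.append(kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"])
    return find_pending_deletion(metadata)


def cancel_deletion(kms, key_id, enable=False):
    """Remediate one finding: cancel the scheduled deletion (the key returns to
    Disabled, as in the console flow above) and optionally enable it again.
    Needs kms:CancelKeyDeletion and, with enable=True, kms:EnableKey."""
    kms.cancel_key_deletion(KeyId=key_id)
    if enable:
        kms.enable_key(KeyId=key_id)
```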

Service

KMS

Severity

Medium

Compliance

Mapping
