By Implementation
By Service Protected
Configuration Packages
Strategy Guides
Other
By Service Protected
By Implementation
Service Control Policies
Config Rules
Auto Remediation Rules
Conformance Packs
Amazon GuardDuty
Amazon Inspector
AWS Security Hub
AWS Network Firewall
Route53 Resolver Security
Amazon Macie
S3 Bucket Policies
CloudWatch Alarms and Event Rules
AWS WAF
AWS Secrets Manager
AWS Systems Manager
Security Groups & NACLs
AWS KMS
IAM PoliciesConfiguration Packages
Strategy Guides
Other
AWS KMS
KMS Customer Master Key (CMK) with Automatic Key Rotation
Configuration to create an AWS KMS Customer Master Key (CMK) with automatic key rotation enabled.
The following settings are available for configuration:
- Key Alias and Description
- Key Rotation – Enables AWS KMS to automatically creates new key material for the CMK 365 days after the enable date and every 365 days thereafter
- Regionality – Provides an option to create a Multi-Region primary CMK that you can replicate in other AWS Regions.
This template also provides the option to create a Replica Key based on an existing multi-region key. (Note: For CLI templates, you must select the region)
Items
1
Size
0.6 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
KMSKey:
Type: "AWS::KMS::Key"
Properties:
EnableKeyRotation: true
MultiRegion: false
KeyPolicy:
Version: "2012-10-17"
Statement:
- Sid: "Enable IAM User Permissions"
Effect: "Allow"
Principal:
AWS:
Fn::Join:
- ""
-
- "arn:aws:iam::"
- Ref: "AWS::AccountId"
- ":root"
Action: "kms:*"
Resource: "*"
Parameters: {}
Metadata: {}
Conditions: {}
Actions
Customize Template
* Required field