A config rule that checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS). The rule is NON_COMPLIANT if CMKs are scheduled for deletion.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: kms-cmk-not-scheduled-for-deletion
      Scope:
        ComplianceResourceTypes: []
      Description: >-
        A config rule that checks whether customer master keys (CMKs) are not
        scheduled for deletion in AWS Key Management Service (KMS). The rule is
        NON_COMPLIANT if CMKs are scheduled for deletion.
      Source:
        Owner: AWS
        SourceIdentifier: KMS_CMK_NOT_SCHEDULED_FOR_DELETION
      MaximumExecutionFrequency: TwentyFour_Hours
Parameters: {}
Metadata: {}
Conditions: {}
Configuration Source: AWS Documentation
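Added example (not part of the template above and not AWS's implementation of the managed rule): the same compliance decision applied in Python to constructed metadata shaped like the KMS DescribeKey response, with the flagged keys ranked by how soon they are deleted. The function names, the `DaysLeft` field and the sample keys are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data shaped like the KeyMetadata object returned by
# KMS DescribeKey (KeyId, KeyManager, KeyState, DeletionDate). Not real keys.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"KeyId": "11111111-aaaa-4aaa-8aaa-111111111111", "KeyManager": "CUSTOMER",
     "KeyState": "Enabled"},
    {"KeyId": "22222222-bbbb-4bbb-8bbb-222222222222", "KeyManager": "CUSTOMER",
     "KeyState": "PendingDeletion",
     "DeletionDate": datetime(2024, 1, 13, 12, 0, tzinfo=timezone.utc)},
    {"KeyId": "33333333-cccc-4ccc-8ccc-333333333333", "KeyManager": "CUSTOMER",
     "KeyState": "PendingDeletion",
     "DeletionDate": datetime(2024, 2, 5, tzinfo=timezone.utc)},
    {"KeyId": "44444444-dddd-4ddd-8ddd-444444444444", "KeyManager": "AWS",
     "KeyState": "Enabled"},
]


def evaluate_key(meta, now):
    """Return a Config-style evaluation dict for one key's metadata."""
    result = {"ComplianceResourceType": "AWS::KMS::Key",
              "ComplianceResourceId": meta["KeyId"],
              "OrderingTimestamp": now}
    if meta.get("KeyManager") == "AWS":
        # AWS managed keys cannot be scheduled for deletion by the account.
        result["ComplianceType"] = "NOT_APPLICABLE"
    elif meta.get("KeyState") == "PendingDeletion":
        result["ComplianceType"] = "NON_COMPLIANT"
        deletion = meta.get("DeletionDate")
        if deletion is not None:
            days = (deletion - now).total_seconds() / 86400
            result["DaysLeft"] = round(days, 1)  # hypothetical helper field
            result["Annotation"] = f"Scheduled for deletion in {days:.1f} days"
    else:
        result["ComplianceType"] = "COMPLIANT"
    return result


def triage(keys, now):
    """NON_COMPLIANT keys only; soonest (or unknown) deletion date first."""
    evals = [evaluate_key(m, now) for m in keys]
    flagged = [e for e in evals if e["ComplianceType"] == "NON_COMPLIANT"]
    return sorted(flagged, key=lambda e: e.get("DaysLeft", 0.0))


if __name__ == "__main__":
    for ev in triage(SAMPLE_KEYS, NOW):
        print(ev["ComplianceResourceId"], ev.get("Annotation", "no date"))
```

With `MaximumExecutionFrequency: TwentyFour_Hours`, a key scheduled for deletion can go up to a day before the rule reports it, so the remaining time matters when deciding whether to cancel the deletion.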