beta
Home
What's New
FAQ
No Items in Stack
Browse
beta
Home
No Items in Stack
Browse
Security Control
Config Rules
CloudWatch Alarms & Rules
IAM Policies
S3 Bucket Policies
Security Groups & NACLs
Service Control Policies
Domain
VPC
S3
EC2
IAM
DynamoDB
RDS
Logging & Monitoring
Amazon GuardDuty
Amazon Inspector
KMS
Billing and Cost
Configuration Packages
Enable Logging Services
Deploy Amazon VPC
Compliance and Monitoring
VPC and Network Monitoring
S3 Security
Network Activity Monitoring
Solutions, Guides & Tools
Security Solutions
Security Tools
Close
AWS KMS
AWS security controls to create AWS KMS keys and help protect AWS KMS.
Configuration
Solutions & Tools
9/9
Configuration Type
Configuration Type
Security Perspective
FILTERS
Source
Native Feature
AWS Quickstart
AWS Documentation
Filter by Tags
encryption
API and CLI Access
Console Access
Configuration Type
KMS
Config Rule
CloudWatch Alarms
IAM Policy
Service Control Policy
KMS
KMS Encryption Customer Master Key (CMK)
KMS
Configuration to create an AWS KMS Customer Master Key (CMK).
0 Tags
Quick Add
KMS Encryption Customer Master Key (CMK) with Automatic Key Rotation
KMS
Configuration to create an AWS KMS Customer Master Key (CMK) with automatic key rotation enabled.
0 Tags
Quick Add
Config Rule
cmk-backing-key-rotation-enabled
KMS
A config rule that checks that key rotation is enabled for each customer master key (CMK). The rule is COMPLIANT, if the key rotation is enabled for specific key object. The rule is not applicable to CMKs that ha...
1 Tag
Quick Add
CloudWatch Alarms
KMS CMKs Disabled or Deleted Alarm
KMS
Alarm if customer created CMKs get disabled or scheduled for deletion.
0 Tags
Quick Add
IAM Policy
Allow a User Read-Only Access to All CMKs through the AWS KMS Console
KMS
An IAM policy that allows IAM users read-only access to the AWS KMS console. That is, users can use the console to view all CMKs, but they cannot make changes to any CMKs or create new ones.
3 Tags
Quick Add
Allow a User to Encrypt and Decrypt with Any CMK in a Specific AWS Account and Region
KMS
An IAM policy that allows IAM users to successfully request that AWS KMS encrypt and decrypt data with any CMK in the specified AWS account and region.
2 Tags
Quick Add
Allow a User to Encrypt and Decrypt with Specific CMKs
KMS
An IAM policy that allows IAM users to successfully request that AWS KMS encrypt and decrypt data with a specific CMK.
2 Tags
Quick Add
Prevent a User from Disabling or Deleting Any CMKs
KMS
An IAM policy that prevents a user from disabling or deleting any CMKs, even when another IAM policy or a key policy allows these permissions.
3 Tags
Quick Add
Service Control Policy
Prevent Users from Deleting KMS Keys
KMS
This SCP prevents users or roles in any affected account from deleting KMS keys, either directly as a command or through the console.
0 Tags
