Configuration to create an AWS KMS Customer Master Key (CMK).
A collection of AWS Security controls for AWS KMS. Controls include configuration to create KMS keys, IAM policies, CloudWatch events and alarms for monitoring as well as Config rules. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform
Configuration to create an AWS KMS Customer Master Key (CMK) with automatic key rotation enabled.
A configuration package to monitor KMS related API activity as well as configuration compliance rules to ensure the security of AWS KMS configuration. The package includes Config Rules, CloudWatch Alarms, and CloudWatch Event Rules, and uses SNS to deliver email notifications. The package also includes configuration to enable the required AWS logging services: AWS CloudTrail, Config, and CloudWatch log groups
An IAM policy that allows IAM users read-only access to the AWS KMS console. That is, users can use the console to view all CMKs, but they cannot make changes to any CMKs or create new ones.
An IAM policy that allows IAM users to successfully request that AWS KMS encrypt and decrypt data with any CMK in the specified AWS account and region.
An IAM policy that allows IAM users to successfully request that AWS KMS encrypt and decrypt data with a specific CMK.
An IAM policy that prevents a user from disabling or deleting any CMKs, even when another IAM policy or a key policy allows these permissions.