CMK KMS Key Is Deleted Intentionally

Overview

This check examines whether any KMS keys are currently scheduled for deletion. The check fails if a KMS key is in the pending-deletion state.

Once a KMS key is deleted it cannot be recovered, and any data encrypted under that key becomes permanently unrecoverable when the key is deleted. If important data has been encrypted with a KMS key that is scheduled for deletion, either decrypt the data or re-encrypt it under a new KMS key before the deletion date, unless cryptographic erasure of that data is the intended outcome.
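The logic of this check, as an added example that is not the vendor's own implementation: it pages through ListKeys, calls DescribeKey on each key, and reports keys whose KeyState is PendingDeletion (or PendingReplicaDeletion for multi-region replicas), skipping AWS-managed keys by default since those cannot be scheduled for deletion by the customer. It assumes the boto3 KMS client interface (`list_keys`, `describe_key`, `cancel_key_deletion`, `enable_key`); a constructed fake client with sample keys is embedded so the code runs offline, and a real client can be passed in instead. The remediation helper reflects the documented KMS behaviour that CancelKeyDeletion leaves the key in the Disabled state, so EnableKey must follow.

```python
"""Audit for KMS keys scheduled for deletion, plus the remediation step.

Added example, not the vendor's check code. Assumes the boto3 KMS client
interface; FakeKmsClient below is a constructed stand-in so this runs offline.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# KeyState values that mean the key is on its way to being destroyed.
PENDING_STATES = {"PendingDeletion", "PendingReplicaDeletion"}


@dataclass
class Finding:
    key_id: str
    key_state: str
    key_manager: str            # "CUSTOMER" or "AWS"
    deletion_date: Optional[datetime]
    window_days: Optional[int]  # PendingDeletionWindowInDays from DescribeKey


def iter_key_ids(kms):
    """Walk ListKeys using its Marker / Truncated / NextMarker pagination contract."""
    marker = None
    while True:
        resp = kms.list_keys(**({"Marker": marker} if marker else {}))
        for entry in resp.get("Keys", []):
            yield entry["KeyId"]
        if not resp.get("Truncated"):
            return
        marker = resp["NextMarker"]


def find_keys_pending_deletion(kms, include_aws_managed=False):
    """Return one Finding per key whose state is in PENDING_STATES."""
    findings = []
    for key_id in iter_key_ids(kms):
        md = kms.describe_key(KeyId=key_id)["KeyMetadata"]
        if md.get("KeyState") not in PENDING_STATES:
            continue
        if md.get("KeyManager") == "AWS" and not include_aws_managed:
            continue
        findings.append(Finding(
            key_id=md["KeyId"],
            key_state=md["KeyState"],
            key_manager=md.get("KeyManager", "CUSTOMER"),
            deletion_date=md.get("DeletionDate"),
            window_days=md.get("PendingDeletionWindowInDays"),
        ))
    return findings


def cancel_pending_deletion(kms, key_id):
    """Remediation: cancel the scheduled deletion, then re-enable the key.

    CancelKeyDeletion moves the key to Disabled; it is not usable until EnableKey.
    """
    kms.cancel_key_deletion(KeyId=key_id)
    kms.enable_key(KeyId=key_id)


class FakeKmsClient:
    """Constructed stand-in for boto3's KMS client; key IDs and dates are sample values."""

    PAGE_SIZE = 2  # small page size so pagination is exercised

    def __init__(self):
        ts = datetime(2024, 1, 31, tzinfo=timezone.utc)
        self.keys = {
            "1111-aaaa": {"KeyId": "1111-aaaa", "KeyState": "Enabled", "KeyManager": "CUSTOMER"},
            "2222-bbbb": {"KeyId": "2222-bbbb", "KeyState": "PendingDeletion", "KeyManager": "CUSTOMER",
                          "DeletionDate": ts, "PendingDeletionWindowInDays": 30},
            "3333-cccc": {"KeyId": "3333-cccc", "KeyState": "PendingDeletion", "KeyManager": "AWS",
                          "DeletionDate": ts, "PendingDeletionWindowInDays": 7},
        }

    def list_keys(self, Marker=None, Limit=None):
        ids = sorted(self.keys)
        start = ids.index(Marker) if Marker else 0
        page = ids[start:start + self.PAGE_SIZE]
        resp = {"Keys": [{"KeyId": k} for k in page], "Truncated": start + self.PAGE_SIZE < len(ids)}
        if resp["Truncated"]:
            resp["NextMarker"] = ids[start + self.PAGE_SIZE]
        return resp

    def describe_key(self, KeyId):
        return {"KeyMetadata": dict(self.keys[KeyId])}

    def cancel_key_deletion(self, KeyId):
        md = self.keys[KeyId]
        md["KeyState"] = "Disabled"
        md.pop("DeletionDate", None)
        md.pop("PendingDeletionWindowInDays", None)

    def enable_key(self, KeyId):
        self.keys[KeyId]["KeyState"] = "Enabled"


if __name__ == "__main__":
    client = FakeKmsClient()  # replace with boto3.client("kms") to audit a real account
    for f in find_keys_pending_deletion(client):
        print(f"FAIL {f.key_id}: {f.key_state}, deletes {f.deletion_date} ({f.window_days}-day window)")
```

Run against a real account by passing `boto3.client("kms")` in place of the fake; the caller needs `kms:ListKeys` and `kms:DescribeKey` for the audit and `kms:CancelKeyDeletion` plus `kms:EnableKey` for the remediation. Only cancel a deletion after confirming the key is still needed; if cryptographic erasure was the intent, the finding is expected.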

Vendor

AWS

Cloud Service

KMS

KMS.3

Severity

5

Item Types

AWS::KMS::Key