Vulnerabilities
Misconfiguration
Runtime Security
Compliance
AWS > KMS >

KMS Scheduled Deletion

CRITICAL
Source
CloudSploit
ID
kms-scheduled-deletion
management console

KMS Scheduled Deletion

Detects KMS keys that are scheduled for deletion

Deleting a KMS key will permanently prevent all data encrypted using that key from being decrypted. Avoid deleting keys unless no encrypted data is in use.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for KMS. Step

  3. Scroll down the left navigation panel and choose “Customer Managed Keys” under “Key Management Service”.Step

  4. Verify the “KMS keys” that are scheduled for deletion and “Status” is shown as “Pending deletion” under the “Customer managed keys”.Step

  5. Repeat step number 2 - 4 to verify other “KMS keys” which are scheduled for deletion in other regions in AWS.

  6. Navigate to “Customer Managed Keys” under “Key Management Service” and select the “KMS key” that needs to be modified to disable the scheduled key deletion.Step

  7. Click on the “Key actions” button at the top and select the “Cancel key deletion” option to disable the scheduled deletion.Step

  8. Click on the “Disable” option under “Key actions” to disable the selected “KMS key” instead of deleting the key.Step

  9. Repeat step number 6 - 8 to disable the key deletion before the scheduled deletion time.

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use