top of page
< Back

AWS Foundational Security Best Practice

KMS.3

AWS KMS keys should not be deleted unintentionally

Severity

Cloud Platforms

Resources

CRITICAL

AWS

AWS Key Management Service

This control checks whether AWS Key Management Service (KMS) customer managed keys (CMK) are scheduled for deletion. The control fails if a KMS CMK is scheduled for deletion.

bottom of page