Ensure that a specific list of AWS KMS Customer Master Keys (CMKs) is available for use in your AWS account in order to meet the strict security and compliance requirements of your organization. Before the Cloud Conformity engine runs this rule, the list of specific KMS Customer Master Keys must be defined in the rule settings, on the Cloud Conformity account dashboard.
Using the specified set of Amazon KMS Customer Master Keys (CMKs) to encrypt data within your AWS account can provide better control over the encryption/decryption process and fulfill compliance requirements when it comes to data protection in your organization.
To determine if the KMS keys specified in the conformity rule settings (e.g. "highlyprotected", "protected", "internal", etc.) are available for use in your AWS account, perform the following actions:
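One way to script this availability check, as an added example that is not Cloud Conformity's own code: it evaluates data shaped like the AWS KMS `ListAliases` and `DescribeKey` responses for one region. It assumes the names in the rule settings are key aliases (stored by KMS with an `alias/` prefix) and that "available for use" means a customer managed key in the `Enabled` state; the sample data and the function name `audit_required_keys` are constructed for illustration.

```python
"""Added example: audit required KMS key names against API-shaped data."""

# Key names taken from the example in the rule description above.
REQUIRED = ["highlyprotected", "protected", "internal"]

# Constructed sample data, shaped like the "Aliases" list from ListAliases.
SAMPLE_ALIASES = [
    {"AliasName": "alias/aws/s3", "TargetKeyId": "k-aws"},
    {"AliasName": "alias/highlyprotected", "TargetKeyId": "k-1"},
    {"AliasName": "alias/protected", "TargetKeyId": "k-2"},
    {"AliasName": "alias/orphan"},  # alias that is not attached to any key
]

# Constructed sample data: "KeyMetadata" from DescribeKey, indexed by key id.
SAMPLE_KEYS = {
    "k-aws": {"KeyState": "Enabled", "KeyManager": "AWS"},
    "k-1": {"KeyState": "Enabled", "KeyManager": "CUSTOMER"},
    "k-2": {"KeyState": "PendingDeletion", "KeyManager": "CUSTOMER"},
}


def audit_required_keys(required, aliases, key_metadata):
    """Return {name: status} for every required key name.

    Assumption: each required name is an alias, i.e. "alias/<name>" in KMS.
    A name passes only if the alias exists, points at a key, and that key is
    customer managed and Enabled (disabled or pending-deletion keys cannot
    encrypt or decrypt, so they are reported as unusable).
    """
    target_by_alias = {a["AliasName"]: a.get("TargetKeyId") for a in aliases}
    report = {}
    for name in required:
        alias = "alias/" + name
        if alias not in target_by_alias:
            report[name] = "MISSING"
            continue
        meta = key_metadata.get(target_by_alias[alias])
        if meta is None:
            report[name] = "NO_TARGET_KEY"
        elif meta["KeyManager"] != "CUSTOMER":
            report[name] = "NOT_CUSTOMER_MANAGED"
        elif meta["KeyState"] != "Enabled":
            report[name] = "UNUSABLE:" + meta["KeyState"]
        else:
            report[name] = "OK"
    return report


if __name__ == "__main__":
    for key_name, status in audit_required_keys(
            REQUIRED, SAMPLE_ALIASES, SAMPLE_KEYS).items():
        print(f"{key_name}: {status}")
```

Because KMS keys and aliases are regional, the same check has to be repeated with the data from each region in use.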
To create the required Amazon KMS Customer Master Keys (CMKs), defined in the conformity rule settings, perform the following actions: