Ensure that a specific list of AWS KMS Customer Master Keys (CMKs) are available for use in your AWS account in order to meet strict security and compliance requirements in your organization. Prior to running this rule by the Cloud Conformity engine, the list of specific KMS Customer Master Keys must be defined in the rule settings, on the Cloud Conformity account dashboard.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Using the specified set of Amazon KMS Customer Master Keys (CMKs) to encrypt data within your AWS account can provide a better control over encryption/decryption process and fulfill compliance requirements when it comes to data protection in your organization.
To determine if the KMS keys specified in the conformity rule settings (e.g. "highlyprotected", "protected", "internal", etc) are available for use in your AWS account, perform the following actions:
To create the required Amazon KMS Customer Master Keys (CMKs), defined in the conformity rule settings, perform the following actions: