AWS Unused Customer Master Key

Rule Description

Rule Code: AWS-Key-01

Check for any disabled KMS Customer Master Keys (CMKs) in your AWS account and, if they are no longer needed, schedule them for deletion. KMS keys are regional, so repeat the check in every region you use. Key deletion is irreversible: once the mandatory waiting period (7 to 30 days) expires, any data still encrypted under the key becomes unrecoverable, so confirm that nothing depends on the key (for example by reviewing its usage in CloudTrail) before scheduling deletion.

Audit / Verification

Step 01: Sign in to the AWS Management Console.


Step 02: Navigate to the KMS dashboard and select Encryption Keys.

Step 03: Select the appropriate AWS region from the Filter menu.

Step 04: Check the Status column for any customer master keys marked Disabled. A disabled key can no longer encrypt or decrypt, but it still counts against the account's key quota and still incurs the monthly key charge, so a key that stays disabled indefinitely is usually one that should be scheduled for deletion.
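The console walk-through above does not scale past a handful of keys or regions. The script below is an added example (not part of the original page or of any particular tool) that performs the same audit programmatically: it lists every key in a region, fetches its metadata, and reports customer-managed keys whose KeyState is Disabled. The filtering logic is separated from the AWS calls so it can be exercised offline on the constructed SAMPLE_KEYS data; the live collector assumes boto3 is installed and AWS credentials and a region are configured. The key IDs and ARNs in the sample are constructed and do not refer to real keys.

```python
"""Audit AWS KMS for disabled customer-managed keys (rule AWS-Key-01).

Added example, not part of the original page. The filter works on
DescribeKey-shaped 'KeyMetadata' dicts so it runs offline on the
constructed sample below; collect_key_metadata() is the only part that
talks to AWS and assumes boto3 plus configured credentials.
"""
import sys
from typing import Dict, Iterable, List


def find_disabled_cmks(key_metadata: Iterable[Dict]) -> List[Dict]:
    """Return customer-managed keys whose KeyState is 'Disabled'.

    Each item is the 'KeyMetadata' dict returned by kms:DescribeKey.
    AWS-managed keys (KeyManager == 'AWS') are skipped because they
    cannot be disabled or deleted by the customer. Keys already
    scheduled for deletion report KeyState 'PendingDeletion', not
    'Disabled', so they are not flagged a second time.
    """
    findings = []
    for md in key_metadata:
        if md.get("KeyManager") != "CUSTOMER":
            continue
        if md.get("KeyState") != "Disabled":
            continue
        findings.append({
            "KeyId": md["KeyId"],
            "Arn": md.get("Arn", ""),
            "Description": md.get("Description", ""),
        })
    return findings


def collect_key_metadata(region_name: str) -> List[Dict]:
    """Fetch 'KeyMetadata' for every KMS key in one region (live call).

    Assumes boto3 is installed and credentials are configured; the
    caller needs kms:ListKeys and kms:DescribeKey permissions.
    """
    import boto3  # imported here so the offline filter has no dependency
    kms = boto3.client("kms", region_name=region_name)
    metadata = []
    for page in kms.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            metadata.append(kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"])
    return metadata


# Constructed sample shaped like kms:DescribeKey responses; the IDs and
# ARNs are placeholders, not real keys.
SAMPLE_KEYS = [
    {"KeyId": "11111111-1111-1111-1111-111111111111",
     "Arn": "arn:aws:kms:us-east-1:123456789012:key/11111111-1111-1111-1111-111111111111",
     "KeyState": "Enabled", "KeyManager": "CUSTOMER", "Description": "app data key"},
    {"KeyId": "22222222-2222-2222-2222-222222222222",
     "Arn": "arn:aws:kms:us-east-1:123456789012:key/22222222-2222-2222-2222-222222222222",
     "KeyState": "Disabled", "KeyManager": "CUSTOMER", "Description": "legacy backup key"},
    {"KeyId": "33333333-3333-3333-3333-333333333333",
     "Arn": "arn:aws:kms:us-east-1:123456789012:key/33333333-3333-3333-3333-333333333333",
     "KeyState": "PendingDeletion", "KeyManager": "CUSTOMER", "Description": "retired key"},
    {"KeyId": "44444444-4444-4444-4444-444444444444",
     "Arn": "arn:aws:kms:us-east-1:123456789012:key/44444444-4444-4444-4444-444444444444",
     "KeyState": "Enabled", "KeyManager": "AWS", "Description": "Default master key for EBS"},
]


if __name__ == "__main__":
    # Usage: python audit_kms.py <region>   (runs the live audit)
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    for f in find_disabled_cmks(collect_key_metadata(region)):
        print(f"{f['KeyId']}\t{f['Arn']}\t{f['Description']}")
```

Run it once per region in use, since KMS keys and the ListKeys call are both regional. Each finding should be reviewed before remediation: if the key is genuinely unused, kms:ScheduleKeyDeletion with a PendingWindowInDays between 7 and 30 moves it to PendingDeletion (where it can still be cancelled) rather than deleting it outright.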