Rule Code: AWS-Key-01
Check for any disabled KMS Customer Master Keys in your AWS account and consider to delete them.
Audit / Verification
Step 01: Sign in to the AWS Management Console.
Step 02: Navigate to KMS dashboard, select Encryption Keys.
Step 03: Select the appropriate AWS region from the Filter menu:
Step 04: And check for any disabled customer master keys under the Status column: