Neglected assets

Disabled KMS CMK

Risk Level

Informational (4)



The KMS CMK (customer master key) {AwsKmsKey} is disabled. There is a monthly cost associated with all KMS CMKs regardless of whether they are enabled or disabled. This means that disabled CMKs are adding costs to your AWS bill while not being of any use.
  • Recommended Mitigation

    Identify and remove any disabled customer master keys (CMK).