Ensure that KMS configuration changes are monitored correctly in AWS CloudWatch.
  • Recommended Mitigation

    It is recommended to monitor configuration changes in AWS KMS. The changes which need to be monitored are: CreateAlias, CreateGrant, CreateKey, EnableKey, EnableKeyRotation, ImportKeyMaterial, PutKeyPolicy, RetireGrant, RevokeGrant, ScheduleKeyDeletion, TagResource, UntagResource, UpdateAlias, UpdateKeyDescription, DisableKey, DisableKeyRotation, CancelKeyDeletion, DeleteAlias, DeleteImportedKeyMaterial.