Logging and monitoring

Unmonitored KMS events

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Ensure that KMS configuration changes are monitored correctly in AWS CloudWatch.

  • Recommended Mitigation

    It is recommended to monitor configuration changes in AWS KMS. The changes which need to be monitored are: CreateAlias, CreateGrant, CreateKey, EnableKey, EnableKeyRotation, ImportKeyMaterial, PutKeyPolicy, RetireGrant, RevokeGrant, ScheduleKeyDeletion, TagResource, UntagResource, UpdateAlias, UpdateKeyDescription, DisableKey, DisableKeyRotation, CancelKeyDeletion, DeleteAlias, DeleteImportedKeyMaterial.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.