AWS Key Management Service
Overview
Critical
3High
0Medium
0Low
0Informational
0Security issues (3)
| Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
|---|---|---|---|---|---|---|---|
| Critical | CIS 3.8 PCI DSS 3.7.4 | us-east-1 | e92b32e6-a563-42c7-b0cc-c9a09cc3fec8 | Customer managed key (CMK) "my-key" has key rotation disabled. | PCI DSS Requirement 3.6 states that you must rotate the keys at the end of their defined cryptoperiod. CIS Control 2.8: Ensure rotation for customer-created CMKs is enabled | More info | |
| Critical | CIS 3.8 PCI DSS 3.7.4 | us-east-2 | 2a30648d-7f18-46ab-b97d-f9f0d562446e | Customer managed key (CMK) "test-key2" has key rotation disabled. | PCI DSS Requirement 3.6 states that you must rotate the keys at the end of their defined cryptoperiod. CIS Control 2.8: Ensure rotation for customer-created CMKs is enabled | More info | |
| Critical | CIS 3.8 PCI DSS 3.7.4 | us-west-2 | ef4a6c7d-4091-4456-927d-e3a62e245f59 | Customer managed key (CMK) "my-test-key" has key rotation disabled. | PCI DSS Requirement 3.6 states that you must rotate the keys at the end of their defined cryptoperiod. CIS Control 2.8: Ensure rotation for customer-created CMKs is enabled | More info |
AWS managed keys (43)
| Region | Aliases | Key ID | Status | Security issues |
|---|---|---|---|---|
| us-east-1 | aws/lightsail | 08d78df9-f0f3-4a8d-8e58-d0996f74f8df | Enabled | — |
| us-east-1 | aws/rds | 0e84f319-3c54-4544-aa77-0b06e916cfd7 | Enabled | — |
| us-east-1 | aws/lambda | 178a7f7a-380b-4b5e-9223-323d38a7f5ae | Enabled | — |
| us-east-1 | aws/sns | 1b3c8669-f550-4945-9ec9-1ed112021bde | Enabled | — |
| us-east-1 | aws/codecommit | 21d798a4-6be5-463d-9c29-0729d9ac5ee3 | Enabled | — |
| us-east-1 | aws/xray | 2a571252-40a7-40f6-8483-63c7f14279bb | Enabled | — |
| us-east-1 | aws/elasticfilesystem | 3af8fadb-880b-4ca0-9e61-af14102ab6d2 | Enabled | — |
| us-east-1 | aws/dms | 3fdbf256-fdf3-494a-aad3-c3b3894ad6cf | Enabled | — |
| us-east-1 | aws/kinesis | 42af06e1-dbfb-490f-ab87-a7d3efdabb46 | Enabled | — |
| us-east-1 | aws/acm | 51f71e25-3645-46d7-979e-6a3c3e998424 | Enabled | — |
| us-east-1 | aws/s3 | 6f8e9a68-8d11-4e6e-89fa-db920b230a5f | Enabled | — |
| us-east-1 | aws/sqs | 9db0ac48-48d9-4b1c-9d11-be5b6d39ea4f | Enabled | — |
| us-east-1 | aws/redshift | a2f68857-5cc1-4bf2-8e23-b2179f49ff7e | Enabled | — |
| us-east-1 | aws/es | a4d0461a-5e99-4b11-9be2-d3006cc61e5a | Enabled | — |
| us-east-1 | aws/backup | b6f5aee3-d954-4397-ba7f-38c8927ab57a | Enabled | — |
| us-east-1 | aws/cloud9 | bc18cd65-96fe-4721-a7e4-e40a605275fa | Enabled | — |
| us-east-1 | aws/ses | be1e3274-16cd-4343-af32-c4abeb26ac05 | Enabled | — |
| us-east-1 | aws/ebs | d146b0a5-474b-42e1-8e24-f06db23d85e1 | Enabled | — |
| us-east-2 | aws/es | 0e41828a-e7c8-4375-baa8-7e192214aafe | Enabled | — |
| us-east-2 | aws/dynamodb | 31568b5b-ff8a-492e-a103-3452cc114257 | Enabled | — |
| us-east-2 | aws/redshift | 52bc6298-a7b0-406a-8af5-3e074a43e17a | Enabled | — |
| us-east-2 | aws/xray | 889a6922-c3a8-45f0-8ac6-dcdec17992e1 | Enabled | — |
| us-east-2 | aws/lambda | 9c3c9f41-773e-4835-aa10-0dffe3a5544e | Enabled | — |
| us-east-2 | aws/rds | a2d38878-bf7d-442a-b9df-a84a0aa1cbf5 | Enabled | — |
| us-east-2 | aws/dax | aff17941-2152-414e-b66e-841a9c3da9ef | Enabled | — |
| us-west-1 | aws/lambda | 625d735e-37c6-4121-854d-d624d4b5f4c0 | Enabled | — |
| us-west-2 | aws/backup | 08287a76-39e0-4480-b04a-6b73aae7705f | Enabled | — |
| us-west-2 | aws/elasticfilesystem | 95ff1fd3-9419-492d-9031-0656051dd7aa | Enabled | — |
| us-west-2 | aws/lambda | 9c4eb4b8-32cb-4fa9-afd6-8bc246957701 | Enabled | — |
| us-west-2 | aws/fsx | f45a08d6-c08f-409e-ac4f-0a8a1708e003 | Enabled | — |
| ap-south-1 | aws/lambda | 4b2b3115-cda3-4553-8f7c-e174aee42c23 | Enabled | — |
| ap-northeast-2 | aws/lambda | 6493c3b5-6337-4597-b7dd-69f97a9dc669 | Enabled | — |
| ap-southeast-1 | aws/lambda | 6bc438da-5df4-4f22-bca7-cf1a62f4c720 | Enabled | — |
| ap-southeast-2 | aws/lambda | 6c9eec5b-9d56-43a2-bdf0-dd75e59af564 | Enabled | — |
| ap-southeast-2 | aws/lightsail | cae35b6c-74fb-4a03-bc7e-d421e3eb04d1 | Enabled | — |
| ap-northeast-1 | aws/lambda | 41085790-95f1-44cb-ab8f-14f4d22fbab0 | Enabled | — |
| ca-central-1 | aws/lambda | f39490bd-3a43-473a-a6e5-de8efda0fbb9 | Enabled | — |
| eu-central-1 | aws/lambda | c2edf4e9-140e-46cf-b6ad-78d23d283764 | Enabled | — |
| eu-west-1 | aws/lambda | 36ba78f9-a9a6-47aa-a00b-65553408214a | Enabled | — |
| eu-west-2 | aws/lambda | 4987f4f1-46b3-4826-a5b9-e776b4cdf896 | Enabled | — |
| eu-west-3 | aws/lambda | ee6bccd7-3ea3-41b1-967e-10956b0ae871 | Enabled | — |
| eu-north-1 | aws/lambda | f1c2a889-72c9-42e3-a649-71fa12392465 | Enabled | — |
| sa-east-1 | aws/lambda | 4b585bb3-21ea-457f-80e0-2accfdb31729 | Enabled | — |
Customer managed keys (3)
| Region | Aliases | Key ID | Status | Key spec | Key usage | Security issues |
|---|---|---|---|---|---|---|
| us-east-1 | my-key | e92b32e6-a563-42c7-b0cc-c9a09cc3fec8 | Enabled | SYMMETRIC_DEFAULT | Encrypt and decrypt | 1 Critical (details) |
| us-east-2 | test-key2 | 2a30648d-7f18-46ab-b97d-f9f0d562446e | Enabled | SYMMETRIC_DEFAULT | Encrypt and decrypt | 1 Critical (details) |
| us-west-2 | my-test-key | ef4a6c7d-4091-4456-927d-e3a62e245f59 | Enabled | SYMMETRIC_DEFAULT | Encrypt and decrypt | 1 Critical (details) |