More Info:

AWS CMK configuration changes should be monitored using CloudWatch alarms.

Risk Level

Medium

Address

Security

Compliance Standards

HIPAA, ISO27001, CISAWS, CBP, NISTCSF

Triage and Remediation

Remediation

To remediate the CMK Disabled or Scheduled for Deletion alarm in AWS using the AWS console, follow these steps:

  1. Log in to your AWS account and navigate to the AWS KMS console.

  2. Click on the “Customer managed keys” option from the left-hand side menu.

  3. Identify the key that is disabled or scheduled for deletion.

  4. To enable a disabled key, select the key and click on the “Enable” button from the top menu.

  5. To cancel the scheduled deletion of a key, select the key and click on the “Cancel key deletion” button from the top menu.

  6. After completing the above steps, verify that the key status has changed to “Enabled” or “Pending import”; the alarm should then clear automatically.

  7. If the alarm does not clear, check the SNS topic that is associated with the alarm to ensure that it is configured correctly.

By following these steps, you can remediate the CMK Disabled or Scheduled for Deletion alarm in AWS using the AWS console.
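The following Python script is an added example, not part of the original page, that ties the monitoring point above (CMK configuration changes watched by a CloudWatch alarm) to the remediation steps. It carries the CloudTrail metric filter pattern from the CIS AWS Foundations Benchmark for DisableKey/ScheduleKeyDeletion events, checks CloudTrail records against it, and maps a key's KeyState (as returned by the KMS DescribeKey API) to the ordered actions that bring it back to "Enabled". One caveat the console steps do not state: cancelling a scheduled deletion leaves the key in the Disabled state, so it must be enabled afterwards. The KMS client is injected; FakeKms is a constructed in-memory stub so the script runs offline, and boto3.client("kms") is assumed available when you run it against a real account.

```python
"""Triage helpers for the "CMK Disabled or Scheduled for Deletion" alarm.

Added example: the KMS client is passed in, so the logic runs offline against
the FakeKms stub below and against boto3.client("kms") in a real account.
"""

# Metric filter pattern for the CloudTrail log group behind the alarm
# (CIS AWS Foundations Benchmark control for CMK disable / scheduled deletion).
CMK_CHANGE_FILTER_PATTERN = (
    "{ ($.eventSource = kms.amazonaws.com) && "
    "(($.eventName = DisableKey) || ($.eventName = ScheduleKeyDeletion)) }"
)


def is_cmk_change_event(record: dict) -> bool:
    """Python equivalent of the metric filter: True for CloudTrail records that
    should raise the alarm (a key was disabled or scheduled for deletion)."""
    return (
        record.get("eventSource") == "kms.amazonaws.com"
        and record.get("eventName") in ("DisableKey", "ScheduleKeyDeletion")
    )


def plan_remediation(key_state: str) -> list:
    """Map a KMS KeyState to the ordered KMS actions that make the key usable again.
    CancelKeyDeletion leaves the key Disabled, so PendingDeletion needs two steps."""
    if key_state == "Disabled":
        return ["EnableKey"]
    if key_state == "PendingDeletion":
        return ["CancelKeyDeletion", "EnableKey"]
    return []  # Enabled, PendingImport, etc.: nothing to do


def remediate_key(kms, key_id: str) -> dict:
    """Apply the plan through a boto3-compatible KMS client and report the
    before/after state; 'healthy' mirrors step 6 of the console procedure."""
    before = kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyState"]
    actions = plan_remediation(before)
    for action in actions:
        if action == "CancelKeyDeletion":
            kms.cancel_key_deletion(KeyId=key_id)
        elif action == "EnableKey":
            kms.enable_key(KeyId=key_id)
    after = kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyState"]
    return {
        "key_id": key_id,
        "before": before,
        "after": after,
        "actions": actions,
        "healthy": after in ("Enabled", "PendingImport"),
    }


class FakeKms:
    """Constructed in-memory stand-in for boto3's KMS client (example only)."""

    def __init__(self, states: dict):
        self.states = dict(states)
        self.calls = []

    def describe_key(self, KeyId):
        return {"KeyMetadata": {"KeyId": KeyId, "KeyState": self.states[KeyId]}}

    def cancel_key_deletion(self, KeyId):
        self.calls.append(("CancelKeyDeletion", KeyId))
        self.states[KeyId] = "Disabled"  # real KMS behaviour after cancellation
        return {"KeyId": KeyId}

    def enable_key(self, KeyId):
        self.calls.append(("EnableKey", KeyId))
        self.states[KeyId] = "Enabled"
        return {}


# Constructed sample data: three CloudTrail records and three key states.
SAMPLE_EVENTS = [
    {"eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion"},
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt"},
    {"eventSource": "kms.amazonaws.com", "eventName": "DisableKey"},
]
SAMPLE_KEY_STATES = {
    "key-disabled": "Disabled",
    "key-pending": "PendingDeletion",
    "key-ok": "Enabled",
}


def flagged_events(records=SAMPLE_EVENTS) -> list:
    """Event names from the sample records that would trip the alarm."""
    return [r["eventName"] for r in records if is_cmk_change_event(r)]


def demo() -> list:
    """Run the remediation over the constructed key states and return the reports."""
    kms = FakeKms(SAMPLE_KEY_STATES)
    return [remediate_key(kms, key_id) for key_id in SAMPLE_KEY_STATES]


if __name__ == "__main__":
    print("alarm-worthy events:", flagged_events())
    for report in demo():
        print(report)
```

To use this against a real account, replace FakeKms with `boto3.client("kms")` and pass the key ID or ARN that raised the alarm; the returned report's `after` value is what step 6 asks you to verify before expecting the alarm to clear.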

Additional Reading: