cmk-backing-key-rotation-enabled

Checks that key rotation is enabled for each key and matches to the key ID of the customer created customer master key (CMK). The rule is COMPLIANT, if the key rotation is enabled for specific key object. The rule is not applicable to CMKs that have imported key material.

Note

This rule only evaluates symmetric AWS KMS keys and ignores asymmetric AWS KMS keys.

Identifier: CMK_BACKING_KEY_ROTATION_ENABLED

Trigger type: Periodic

AWS Region: All supported AWS Regions except China (Beijing) and China (Ningxia)

Parameters:

None

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

cloudwatch-log-group-encrypted

codebuild-project-envvar-awscred-check