AWS Config
Developer Guide

kms-cmk-not-scheduled-for-deletion

Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS). The rule is NON_COMPLIANT if CMKs are scheduled for deletion.

Identifier: KMS_CMK_NOT_SCHEDULED_FOR_DELETION

Trigger type: Periodic

AWS Region: All supported AWS regions

Parameters:

kmsKeyIds

Comma-separated list of specific customer managed key IDs not to be scheduled for deletion. If you do not specify any keys, the rule checks all the keys.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.