kms-cmk-not-scheduled-for-deletion
Checks if AWS Key Management Service (AWS KMS) keys are not scheduled for deletion in AWS KMS. The rule is NON_COMPLIANT if KMS keys are scheduled for deletion.
Identifier: KMS_CMK_NOT_SCHEDULED_FOR_DELETION
Resource Types: AWS::KMS::Key
Trigger type: Periodic
AWS Region: All supported AWS regions except Europe (Milan) Region
Parameters:
- kmsKeyIds (Optional)
- Type: String
- (Optional) Comma-separated list of specific customer managed key IDs not to be scheduled for deletion. If you do not specify any keys, the rule checks all the keys.
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
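
A template that deploys this rule and passes kmsKeyIds only when a value is supplied. This is an added example, not the AWS-published template. The logical resource name, the template parameter names and the default frequency are assumptions, and an AWS Config configuration recorder is assumed to be running already in the target Region.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys the kms-cmk-not-scheduled-for-deletion managed rule (added example).

Parameters:
  KmsKeyIds:
    Type: String
    Default: ""
    Description: >-
      Optional comma-separated list of customer managed key IDs to check.
      Leave empty so the rule checks all the keys.
  Frequency:
    Type: String
    Default: TwentyFour_Hours   # assumed default; pick what your response SLA needs
    AllowedValues:
      - One_Hour
      - Three_Hours
      - Six_Hours
      - Twelve_Hours
      - TwentyFour_Hours

Conditions:
  # True only when the caller supplied at least one key ID.
  HasKeyIds: !Not [!Equals [!Ref KmsKeyIds, ""]]

Resources:
  KmsKeyNotScheduledForDeletionRule:   # hypothetical logical name
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: kms-cmk-not-scheduled-for-deletion
      Description: NON_COMPLIANT if KMS keys are scheduled for deletion.
      Source:
        Owner: AWS                      # managed rule, not a custom Lambda rule
        SourceIdentifier: KMS_CMK_NOT_SCHEDULED_FOR_DELETION
      # The rule's trigger type is Periodic, so it needs an evaluation frequency.
      MaximumExecutionFrequency: !Ref Frequency
      InputParameters:
        # Omit the parameter entirely when empty, so the rule checks every key.
        kmsKeyIds: !If [HasKeyIds, !Ref KmsKeyIds, !Ref "AWS::NoValue"]

Outputs:
  RuleArn:
    Description: ARN of the deployed Config rule.
    Value: !GetAtt KmsKeyNotScheduledForDeletionRule.Arn
```

Because the rule is periodic, a key scheduled for deletion is reported only at the next evaluation, so the chosen frequency bounds how long a pending deletion can go unnoticed by this control.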