When we enable the key rotation it would reduce the chance that a compromised (CMK) could be used without your knowledge to access AWS resources. customer master key How can we check if Key Rotation is enabled? AWS Keys Rotation: To determine if your have Key Rotation enabled, perform the following: customer master keys A) Sign in to the AWS Management Console. B) Navigate to IAM dashboard c) In the left navigation panel, click Encryption Keys. D) Select the appropriate AWS region from the Filter menu. E) Select the alias of the CMK that you need to check under Alias column. F) And check the switch status under section: Rotate this key every year Key Rotation How we enable AWS key Rotation ? To enable , you need to perform the following: AWS KMS Key Rotation 1 ) Run command to list all your customer master keys: list-keys aws kms - list keys 2) The command output should return the ARN (Amazon Resource Name) and the ID for each CMK created in your current AWS region: { : [ { : , : } ] } "Keys" "KeyArn" "arn:aws:kms:us-west-2:1234567812345: key/8e1a0a1b-fa71-4077-8fde-e4cab5f1458c" "KeyId" "4t3d0t3b-ta35-4077-8fde-e4cab4rw369d" 3) Run command using the CMK ID as parameter to enable Key Rotation for the selected key: enable-key-rotation aws kms enable- - 	-- -id t3d0t3b-ta35 fde-e4cab4rw369d key rotation key "markup--strong markup--pre-strong" 4 -4077 -8 4 ) Run command to make sure that the Key Rotation feature has been enabled: get-key-rotation-status < > / aws kms get-key-rotation-status --key-id strong class= "markup--strong markup--pre-strong" 4t3d0t3b-ta35- 4077-8fde- e4cab4rw369d 5) The command output should return the Key Rotation status for the selected CMK (true for enabled, false for disabled): { class "markup--strong markup--pre-strong" "KeyRotationEnabled": false < > br </ > strong } < > br Thanks. Please free to leave comments below or reach us out at advocatedevops@gmail.com .

Amazon

Too Long; Didn't Read

Developers: Build Less. Deliver More. [Learn how]	

What is AWS Key Management Service (KMS)?

Too Long; Didn't Read

Company Mentioned

DevOps Advocate

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

What is AWS Key Management Service (KMS)?

Too Long; Didn't Read

Company Mentioned

DevOps Advocate

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES