TF 0067 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer managed keys

| Property | Value |
|----------|-------|
| Language | terraform |
| Severity | low |
| Service | cloudwatch |
| Provider | AWS |

Description

You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms.

CIS recommends that you create a metric filter and alarm for customer managed keys that have changed state to disabled or scheduled deletion. Data encrypted with disabled or deleted keys is no longer accessible.

Resolution

Create a metric filter on the CloudTrail log group and a CloudWatch alarm on its metric so that CMKs being disabled or scheduled for deletion trigger a notification.
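The following Terraform configuration is an added example of the resolution above; it is not code from the Symbiotic-Vulnerability-Database wiki or from CIS. It assumes that CloudTrail is already delivering a multi-region trail to the CloudWatch Logs group passed in `var.cloudtrail_log_group_name`, and the SNS topic, variable names and alarm names are placeholders chosen here. The filter pattern matches the two KMS API calls that take key material out of service, `DisableKey` and `ScheduleKeyDeletion`, and the alarm fires on the first match in any five-minute period.

```terraform
# Added example (not from the original wiki page): CloudWatch Logs metric
# filter plus alarm for KMS customer managed keys being disabled or scheduled
# for deletion. Assumes CloudTrail already writes to the named log group.

variable "cloudtrail_log_group_name" {
  description = "CloudWatch Logs group receiving the CloudTrail trail (assumed to exist)"
  type        = string
}

variable "alert_email" {
  description = "Address subscribed to the alarm topic (placeholder)"
  type        = string
}

# Notification target for the alarm.
resource "aws_sns_topic" "cmk_change_alerts" {
  name = "cis-cmk-disable-or-delete-alerts"
}

resource "aws_sns_topic_subscription" "cmk_change_alerts_email" {
  topic_arn = aws_sns_topic.cmk_change_alerts.arn
  protocol  = "email"
  endpoint  = var.alert_email
}

# Metric filter: count CloudTrail events where the KMS service handled a
# DisableKey or ScheduleKeyDeletion call.
resource "aws_cloudwatch_log_metric_filter" "cmk_disable_or_delete" {
  name           = "CMKDisabledOrScheduledForDeletion"
  log_group_name = var.cloudtrail_log_group_name
  pattern        = "{ ($.eventSource = kms.amazonaws.com) && (($.eventName = DisableKey) || ($.eventName = ScheduleKeyDeletion)) }"

  metric_transformation {
    name      = "CMKDisabledOrScheduledForDeletionCount"
    namespace = "CISBenchmark"
    value     = "1"
  }
}

# Alarm: one or more matching events within a 5-minute period notifies the topic.
resource "aws_cloudwatch_metric_alarm" "cmk_disable_or_delete" {
  alarm_name          = "CIS-CMK-Disabled-Or-Scheduled-For-Deletion"
  alarm_description   = "A customer managed KMS key was disabled or scheduled for deletion"
  namespace           = aws_cloudwatch_log_metric_filter.cmk_disable_or_delete.metric_transformation[0].namespace
  metric_name         = aws_cloudwatch_log_metric_filter.cmk_disable_or_delete.metric_transformation[0].name
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  # No matching events means nothing happened; keep the alarm in OK rather than INSUFFICIENT_DATA.
  treat_missing_data  = "notBreaching"
  alarm_actions       = [aws_sns_topic.cmk_change_alerts.arn]
}
```

Two things to check after applying it: the trail feeding the log group must record management events for all regions, otherwise KMS calls made in another region never reach the filter; and the SNS email subscription has to be confirmed before the alarm can deliver anything. `treat_missing_data = "notBreaching"` is deliberate, since an empty period is the expected state for this metric and should not leave the alarm in INSUFFICIENT_DATA.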