Checks whether the customer master key (CMK) of Key Management Service (KMS) belongs to Alibaba Cloud. If so, the evaluation result is Compliant.
Scenarios
Using CMKs that belong to Alibaba Cloud KMS provides higher security and reliability, more convenient management, lower cost, and more flexibility, and also helps avoid potential legal risks.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If the CMK of KMS belongs to Alibaba Cloud, the evaluation result is Compliant.
If the CMK of KMS does not belong to Alibaba Cloud, the evaluation result is Non-compliant.
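The following is an added example, not code from Alibaba Cloud or from this rule's implementation. It applies the same decision to trimmed `DescribeKey`-style responses, assuming that "belongs to Alibaba Cloud" corresponds to the KMS API field `KeyMetadata.Origin` being `Aliyun_KMS` rather than `EXTERNAL` (inferred from the rule name; the field and its values are not stated on this page). The key IDs are constructed sample data, and treating a missing origin as Non-compliant is a choice of this sketch.

```python
import json

# Constructed sample: trimmed DescribeKey-style responses. Key IDs are made up.
SAMPLE_RESPONSES = json.loads("""
[
  {"KeyMetadata": {"KeyId": "key-example-0001", "Origin": "Aliyun_KMS", "KeyState": "Enabled"}},
  {"KeyMetadata": {"KeyId": "key-example-0002", "Origin": "EXTERNAL", "KeyState": "Enabled"}},
  {"KeyMetadata": {"KeyId": "key-example-0003", "Origin": "EXTERNAL", "KeyState": "PendingImport"}},
  {"KeyMetadata": {"KeyId": "key-example-0004", "KeyState": "Enabled"}}
]
""")

COMPLIANT = "Compliant"
NON_COMPLIANT = "Non-compliant"


def evaluate_key(response):
    """Return (key_id, result, reason) for one DescribeKey-style response."""
    meta = response.get("KeyMetadata") or {}
    key_id = meta.get("KeyId", "<unknown>")
    origin = meta.get("Origin")
    if origin == "Aliyun_KMS":
        return key_id, COMPLIANT, "key material was generated by KMS"
    if origin == "EXTERNAL":
        state = meta.get("KeyState", "unknown")
        return key_id, NON_COMPLIANT, f"external key material (state: {state})"
    # Assumption of this sketch: an origin that cannot be confirmed fails closed.
    return key_id, NON_COMPLIANT, f"origin not verifiable: {origin!r}"


def evaluate_all(responses):
    """Evaluate every key and group the key IDs by result."""
    summary = {COMPLIANT: [], NON_COMPLIANT: []}
    findings = []
    for response in responses:
        key_id, result, reason = evaluate_key(response)
        summary[result].append(key_id)
        findings.append({"KeyId": key_id, "Result": result, "Reason": reason})
    return summary, findings


if __name__ == "__main__":
    summary, findings = evaluate_all(SAMPLE_RESPONSES)
    for finding in findings:
        print(f'{finding["KeyId"]}: {finding["Result"]} ({finding["Reason"]})')
    print(json.dumps(summary, indent=2))
```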
Rule details
| Parameter | Description |
| --- | --- |
| Rule name | kms-key-origin-not-external |
| Rule identifier | |
| Tag | KMS, Key |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | KMS CMK |
| Input parameter | None |