A KMS instance is considered compliant if the number of days remaining before it expires is greater than the value specified for the parameter, or if auto-renewal is enabled for the instance.
Risk level
Default risk level: High.
You can change the risk level as needed.
Detection logic
A KMS instance is considered compliant if the number of days remaining before it expires is greater than the value specified for the parameter, or if auto-renewal is enabled for the instance.
Rule details
Parameter | Description |
Rule name | KMS instance expiration check |
Rule identifier | |
Tag | KMS |
Automatic remediation | Supported |
Rule trigger | Periodic |
Trigger frequency | 24 hours |
Supported resource types | ACS::KMS::Instance |
Input parameters | days (Default: 30) |
Remediation
To remediate a non-compliant resource that is detected by this rule, see Product Billing.