Not monitoring API calls for Customer Master Keys (CMKs) that have been disabled or scheduled for deletion

Details

This rule checks for adherence to Center for Internet Security (CIS) Recommendation 3.7, Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs. https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf#page=106

Tags: cis