Is there a way to back up the Default KMS master key?

0

I know I can copy the snapshot to a second AWS account, but is there an actual way to back up the Default EBS KMS master key, in case of account takeover, key deletion, etc.?

Elaido
asked 3 months ago · 266 views
1 Answer
1
Accepted Answer

Hi Eladio

No, directly backing up the AWS KMS key material, including the Default EBS KMS key, is not allowed for security reasons. The entire concept of KMS revolves around securing your keys and ensuring they are not accessible in plain text.

If you suspect an account takeover, follow these steps:

  1. Secure your Root Account: Immediately rotate your root account credentials and enable MFA.
  2. Identify compromised resources: Use AWS CloudTrail to identify any unusual API calls or access attempts.
  3. Revoke access: Revoke access from any unauthorized users or IAM roles.

If you accidentally delete a KMS key, AWS offers limited options for recovery depending on the type of key and how long ago it was deleted. Refer to the AWS documentation for specific details: https://docs.aws.amazon.com/kms/

EXPERT
Sandeep
answered 3 months ago
AWS
EXPERT
Srini V
reviewed 3 months ago
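
A sketch of the CloudTrail review from step 2 of the answer, as an added example that is not part of the original answer: it filters CloudTrail records for KMS calls that delete, disable, or re-permission a key, and marks callers outside a trusted list. The records, account ID, key ID, role and user names, and the trusted-ARN list are constructed for illustration.

```python
import json

# KMS API calls that delete, disable, or re-permission a key.
RISKY_KMS_EVENTS = {"ScheduleKeyDeletion", "DisableKey", "DeleteImportedKeyMaterial",
                    "PutKeyPolicy", "CreateGrant"}

KEY = "1234abcd-12ab-34cd-56ef-1234567890ab"  # constructed placeholder key ID
ACCT = "arn:aws:iam::111122223333"            # constructed placeholder account

def _rec(time, source, name, actor, ip, params=None, error=None):
    """Build one constructed record using CloudTrail's field names."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": actor}, "sourceIPAddress": ip,
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample trail: two noise events and three key-management calls.
SAMPLE_TRAIL = json.dumps({"Records": [
    _rec("2024-05-01T09:00:00Z", "kms.amazonaws.com", "Decrypt",
         f"{ACCT}:role/example-app", "198.51.100.7", {"keyId": KEY}),
    _rec("2024-05-01T09:05:00Z", "ec2.amazonaws.com", "RunInstances",
         f"{ACCT}:role/example-app", "198.51.100.7"),
    _rec("2024-05-01T09:10:00Z", "kms.amazonaws.com", "PutKeyPolicy",
         f"{ACCT}:role/example-kms-admin", "198.51.100.7", {"keyId": KEY}),
    _rec("2024-05-01T09:20:00Z", "kms.amazonaws.com", "DisableKey",
         f"{ACCT}:user/example-unknown", "203.0.113.10", {"keyId": KEY},
         error="AccessDeniedException"),
    _rec("2024-05-01T09:25:00Z", "kms.amazonaws.com", "ScheduleKeyDeletion",
         f"{ACCT}:user/example-unknown", "203.0.113.10",
         {"keyId": KEY, "pendingWindowInDays": 7}),
]})

def find_risky_kms_calls(trail_json, trusted_arns):
    """Return risky KMS key-management calls, newest first."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        if (rec.get("eventSource") != "kms.amazonaws.com"
                or rec.get("eventName") not in RISKY_KMS_EVENTS):
            continue
        params = rec.get("requestParameters") or {}
        actor = (rec.get("userIdentity") or {}).get("arn", "unknown")
        findings.append({
            "time": rec.get("eventTime"), "event": rec["eventName"],
            "key": params.get("keyId"), "actor": actor,
            "source_ip": rec.get("sourceIPAddress"), "denied": "errorCode" in rec,
            "untrusted_actor": actor not in trusted_arns,
            "pending_days": params.get("pendingWindowInDays")})
    return sorted(findings, key=lambda f: f["time"] or "", reverse=True)
```

A `ScheduleKeyDeletion` finding that was not denied carries the waiting period in `pending_days`, which is the window in which the deletion can still be cancelled.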
