Is there a way to backup the Default KMS master key ?

0

I know i can copy the snapshot to second aws account, but is there actual way to backup the Default EBS KMS master key ? in case of account take over? key deletion ,etc..

已提问 3 个月前290 查看次数
1 回答
1
已接受的回答

Hi Eladio

No, directly backing up the AWS KMS key material, including the Default EBS KMS key, is not allowed for security reasons. The entire concept of KMS revolves around securing your keys and ensuring they are not accessible in plain text.

If you suspect an account takeover, follow these steps:

  1. Secure your Root Account: Immediately rotate your root account credentials and enable MFA.
  2. Identify compromised resources: Use AWS CloudTrail to identify any unusual API calls or access attempts.
  3. Revoke access: Revoke access from any unauthorized users or IAM roles.

If you accidentally delete a KMS key, AWS offers limited options for recovery depending on the type of key and how long ago it was deleted. Refer to the AWS documentation for specific details: https://docs.aws.amazon.com/kms/

profile picture
专家
已回答 3 个月前
profile pictureAWS
专家
已审核 3 个月前
profile picture
专家
已审核 3 个月前
profile picture
专家
已审核 3 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容