1 Answer
Hi Eladio
No, directly backing up the AWS KMS key material, including the Default EBS KMS key, is not allowed for security reasons. The entire concept of KMS revolves around securing your keys and ensuring they are not accessible in plain text.
If you suspect an account takeover, follow these steps:
- Secure your Root Account: Immediately rotate your root account credentials and enable MFA.
- Identify compromised resources: Use AWS CloudTrail to identify any unusual API calls or access attempts.
- Revoke access: Revoke access from any unauthorized users or IAM roles.
If you accidentally delete a KMS key, AWS offers limited options for recovery depending on the type of key and how long ago it was deleted. Refer to the AWS documentation for specific details: https://docs.aws.amazon.com/kms/
- AWS KMS Best Practices: https://docs.aws.amazon.com/prescriptive-guidance/latest/encryption-best-practices/kms.html
- IAM Policies for KMS: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html
- Restoring a Deleted KMS Key: https://docs.aws.amazon.com/kms/
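
The CloudTrail review step from the answer above, as an added example that is not part of the original answer: it filters CloudTrail records for KMS calls that delete, disable or re-permission a key and flags callers outside an allow-list. The sample records, account ID, key ID, ARNs, IP addresses and the `known_principals` allow-list are constructed assumptions.

```python
import json

# KMS API names (CloudTrail eventName) that delete, disable or re-permission a key.
SENSITIVE_KMS_EVENTS = {
    "ScheduleKeyDeletion", "DisableKey", "DeleteImportedKeyMaterial",
    "PutKeyPolicy", "CreateGrant", "DisableKeyRotation",
}

def make_record(time, source, name, arn, ip, key_id, error=None):
    """Build one constructed CloudTrail-style record for the sample below."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"type": "IAMUser", "arn": arn},
           "sourceIPAddress": ip, "requestParameters": {"keyId": key_id}}
    if error:
        rec["errorCode"] = error  # present only when the call failed
    return rec

ACCT = "arn:aws:iam::111122223333"            # placeholder account
KEY = "1234abcd-12ab-34cd-56ef-1234567890ab"  # placeholder key id
KMS, S3 = "kms.amazonaws.com", "s3.amazonaws.com"
# Constructed sample log, deliberately out of time order.
SAMPLE_LOG = json.dumps({"Records": [
    make_record("2024-01-01T10:05:00Z", KMS, "ScheduleKeyDeletion", f"{ACCT}:user/example-unknown", "203.0.113.10", KEY),
    make_record("2024-01-01T09:00:00Z", KMS, "Decrypt", f"{ACCT}:user/example-admin", "198.51.100.7", KEY),
    make_record("2024-01-01T10:01:00Z", KMS, "DisableKey", f"{ACCT}:user/example-unknown", "203.0.113.10", KEY, "AccessDenied"),
    make_record("2024-01-01T09:30:00Z", KMS, "PutKeyPolicy", f"{ACCT}:user/example-admin", "198.51.100.7", KEY),
    make_record("2024-01-01T10:02:00Z", S3, "DeleteBucket", f"{ACCT}:user/example-unknown", "203.0.113.10", None),
]})

def triage_kms_events(cloudtrail_json, known_principals):
    """Return sensitive KMS calls in time order, marking failed and unexpected callers."""
    findings = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        if rec.get("eventSource") != KMS or rec.get("eventName") not in SENSITIVE_KMS_EVENTS:
            continue
        identity = rec.get("userIdentity") or {}
        principal = identity.get("arn") or identity.get("type", "unknown")
        params = rec.get("requestParameters") or {}  # can be null in real records
        findings.append({
            "time": rec.get("eventTime"), "event": rec["eventName"],
            "principal": principal, "source_ip": rec.get("sourceIPAddress"),
            "key_id": params.get("keyId"),
            "denied": "errorCode" in rec,
            "unexpected_principal": principal not in known_principals,
        })
    return sorted(findings, key=lambda f: f["time"] or "")

if __name__ == "__main__":
    for f in triage_kms_events(SAMPLE_LOG, {f"{ACCT}:user/example-admin"}):
        print(f)
```

Denied attempts are kept in the output because a failed `DisableKey` or `ScheduleKeyDeletion` from an unexpected principal is still evidence of attempted tampering.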