This control checks whether KMS keys are scheduled for deletion. The control fails if a KMS key is scheduled for deletion and no replicas exist.
Once a KMS key is deleted, it cannot be recovered. Data encrypted with a KMS key becomes permanently unrecoverable if the key is deleted. If important data is encrypted under a KMS key that is scheduled for deletion, it is recommended to decrypt or re-encrypt the data using a new KMS key unless a cryptographic erasure is intentional.
If a KMS key is scheduled for deletion, there is a required waiting period to allow for the possibility of reversing the deletion if it was set in error. The default waiting period is 30 days, but it can be shortened to a minimum of 7 days when scheduling the deletion of a KMS key. During this waiting period, the deletion can be canceled, and the KMS key will not be deleted.
For more details on deleting KMS keys, refer to the Deleting KMS keys section in the AWS Key Management Service Developer Guide.
To cancel a scheduled deletion of a KMS key, refer to the Scheduling and canceling key deletion (console) section of the AWS Key Management Service Developer Guide.
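The check described above can be reproduced over `DescribeKey` output, as in this added example (not Datadog's rule implementation). It assumes "replicas exist" means a non-empty `ReplicaKeys` list, and the sample records are constructed.

```python
from datetime import datetime, timezone

def evaluate_key(meta, now):
    """Return a finding for one DescribeKey KeyMetadata record, or None if it passes."""
    if meta.get("KeyState") != "PendingDeletion":
        return None
    # Assumption: "replicas exist" is read as a non-empty ReplicaKeys list.
    replicas = (meta.get("MultiRegionConfiguration") or {}).get("ReplicaKeys", [])
    if replicas:
        return None
    deletion_date = meta.get("DeletionDate")  # timezone-aware datetime in boto3
    days_left = max((deletion_date - now).days, 0) if deletion_date else None
    return {"KeyId": meta["KeyId"], "DeletionDate": deletion_date, "DaysLeft": days_left}

def find_pending_deletion(records, now=None):
    """Evaluate many KeyMetadata records and keep only the failing ones."""
    now = now or datetime.now(timezone.utc)
    return [f for f in (evaluate_key(m, now) for m in records) if f]

def fetch_key_metadata(region):
    """Yield KeyMetadata for every key in a region (needs boto3 and credentials)."""
    import boto3  # lazy import so the evaluation above runs offline
    kms = boto3.client("kms", region_name=region)
    for page in kms.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            yield kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"]

# Constructed sample records (not real keys), shaped like DescribeKey output.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"KeyId": "key-a-example", "KeyState": "Enabled"},
    {"KeyId": "key-b-example", "KeyState": "PendingDeletion",
     "DeletionDate": datetime(2024, 6, 20, tzinfo=timezone.utc)},
    {"KeyId": "mrk-c-example", "KeyState": "PendingReplicaDeletion", "MultiRegion": True,
     "MultiRegionConfiguration": {
         "MultiRegionKeyType": "PRIMARY",
         "ReplicaKeys": [{"Arn": "arn:aws:kms:eu-west-1:111122223333:key/mrk-c-example",
                          "Region": "eu-west-1"}]}},
]

if __name__ == "__main__":
    for f in find_pending_deletion(SAMPLE, NOW):
        print(f"FAIL {f['KeyId']}: {f['DaysLeft']} day(s) left, "
              f"deletion on {f['DeletionDate']:%Y-%m-%d}")
```

For a flagged key that should be kept, boto3's `cancel_key_deletion(KeyId=...)` returns it to the `Disabled` state, so follow it with `enable_key` if the key must be usable again.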