
A company is utilizing AWS Key Management Service (KMS) keys with manual rotation to comply with regulatory standards. The security team requires a notification system to alert them when any KMS key has not been rotated within the last 90 days. Which AWS service configuration or setup would effectively fulfill this requirement?
A. Configure AWS KMS to automatically publish notifications to an Amazon Simple Notification Service (SNS) topic when a key is older than 90 days.
B. Set up an Amazon EventBridge rule to trigger an AWS Lambda function that checks the AWS Trusted Advisor API for key rotation status and then sends a notification via Amazon SNS.
C. Create a custom AWS Config rule that monitors KMS key rotation and sends notifications to an Amazon SNS topic if a key is found to be unrotated for 90 days.
D. Utilize AWS Security Hub to monitor KMS key rotation and configure it to send notifications to an Amazon SNS topic when a key has not been rotated for 90 days.