Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

KMS Key rotation

0

Once KMS key rotation is enabled to 1 year rotation (as example, the key was created 13 months back), when would the CMKs be rotated ? Would it be one year once it was enabled or one year after the key was created ?

Temas
Seguridad, identidad y cumplimiento
Etiquetas
AWS Key Management Service
Idioma
English
AWS
Anuj Sharma
preguntada hace 7 años507 visualizaciones
1 Respuesta
0
Respuesta aceptada

It would be one year after it was enabled.

When you enable automatic key rotation for a customer managed CMK, AWS KMS generates new cryptographic material for the CMK every year. AWS KMS also saves the CMK's older cryptographic material in perpetuity so it can be used to decrypt data that it encrypted. AWS KMS does not delete any rotated key material until you delete the CMK.

Key rotation changes only the CMK's backing key, which is the cryptographic material that is used in encryption operations. The CMK is the same logical resource, regardless of whether or how many times its backing key changes. The properties of the CMK do not change, as shown in the following image.

More details can be found at the documentation page below :

https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

AWS-User-8343510
respondido hace 7 años
profile picture
EXPERTO
Giovanni Lauria
revisado hace un mes

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante