Is there a way to back up the Default KMS master key?

0

I know I can copy the snapshot to a second AWS account, but is there an actual way to back up the Default EBS KMS master key, in case of account takeover, key deletion, etc.?

1 Answer
1
Accepted Answer

Hi Eladio

No, directly backing up the AWS KMS key material, including the Default EBS KMS key, is not allowed for security reasons. The entire concept of KMS revolves around securing your keys and ensuring they are not accessible in plain text.

If you suspect an account takeover, follow these steps:

  1. Secure your Root Account: Immediately rotate your root account credentials and enable MFA.
  2. Identify compromised resources: Use AWS CloudTrail to identify any unusual API calls or access attempts.
  3. Revoke access: Revoke access from any unauthorized users or IAM roles.

If you accidentally delete a KMS key, AWS offers limited options for recovery depending on the type of key and how long ago it was deleted. Refer to the AWS documentation for specific details: https://docs.aws.amazon.com/kms/

EXPERT
answered 2 years ago
AWS
EXPERT
reviewed 2 years ago
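
The CloudTrail review step and the key-deletion concern in the answer above, as an added example that is not part of the original answer or AWS's own code: a Python scan of CloudTrail records for KMS calls that schedule a key for deletion, disable it, or change who controls it. The sample records, ARNs, IP addresses, key ID and the `find_risky_kms_events` helper are constructed for illustration.

```python
import json

# KMS calls that can leave encrypted data unrecoverable or shift control of a key.
RISKY_KMS_EVENTS = {"ScheduleKeyDeletion", "DisableKey", "PutKeyPolicy", "CreateGrant"}

# Constructed sample in CloudTrail log-file layout; all identifiers are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app/i-0abc"},
     "requestParameters": None},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "ScheduleKeyDeletion", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-user"},
     "requestParameters": {"keyId": "EXAMPLE-KEY-ID", "pendingWindowInDays": 7}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "PutKeyPolicy", "sourceIPAddress": "203.0.113.7",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-user"},
     "requestParameters": {"keyId": "EXAMPLE-KEY-ID"}},
]})


def find_risky_kms_events(log_text):
    """Return one finding per risky KMS call, including denied attempts."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "kms.amazonaws.com"
                or rec.get("eventName") not in RISKY_KMS_EVENTS):
            continue
        params = rec.get("requestParameters") or {}  # can be null in real logs
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "key": params.get("keyId"),
            "actor": (rec.get("userIdentity") or {}).get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            # errorCode is present only when the call failed or was denied
            "outcome": "denied/failed" if "errorCode" in rec else "succeeded",
            "pending_days": params.get("pendingWindowInDays"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_risky_kms_events(SAMPLE_LOG):
        print(finding)
```

A successful `ScheduleKeyDeletion` starts a waiting period during which the deletion can still be cancelled, so it is worth alerting on as soon as it appears.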
