
Ensuring Data Access: Key Management and Backup Strategies


Hi everyone, AWS mentioned that if the customer-managed key is accidentally deleted, we will lose access to encrypted data. Right? 1. Do you have any opinion on a backup strategy? 2. How do we guarantee no data access loss in case of accidental key deletion?

1 Answer

Hello,

  • After a KMS key is deleted, you can no longer decrypt the data that was encrypted under that KMS key, which means that data becomes unrecoverable.

  • You should delete a KMS key only when you are sure that you don't need to use it anymore. If you are not sure, consider disabling the KMS key instead of deleting it. You can re-enable a disabled KMS key and cancel the scheduled deletion of a KMS key, but you cannot recover a deleted KMS key.

  • Restrict the key deletion access through IAM policies.

Refer to the documentation below regarding scheduling and deleting customer managed keys.

Deleting AWS KMS keys

Scheduling and canceling key deletion

AWS
answered 2 years ago
  • Thanks. I know; my question was how we can restrict deleting the key.
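One way to restrict key deletion, as asked in the comment above and suggested in the answer's third bullet, is an explicit Deny in the key policy that blocks scheduling deletion for every principal except a dedicated break-glass role. This is an added example, not from the original post or AWS documentation; the account ID `111122223333` and the role name `KmsBreakGlass` are placeholders, and the exception role must already exist (with its own IAM permission for `kms:ScheduleKeyDeletion`) before the policy is applied, since the Deny also covers the account root principal.

```json
{
  "Version": "2012-10-17",
  "Id": "example-key-policy-deletion-guard",
  "Statement": [
    {
      "Sid": "EnableRootAccountAdministration",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "DenyKeyDeletionExceptBreakGlassRole",
      "Effect": "Deny",
      "Principal": { "AWS": "*" },
      "Action": [
        "kms:ScheduleKeyDeletion",
        "kms:DeleteImportedKeyMaterial"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/KmsBreakGlass"
        }
      }
    }
  ]
}
```

Disabling the key (`kms:DisableKey`) is deliberately left allowed, because a disabled key can be re-enabled and is the safer way to retire a key you are unsure about. If deletion ever is scheduled, it can be reversed during the pending window with `aws kms cancel-key-deletion --key-id <key-id>`.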

