Blue Hexagon Documentation
AWS-KMS-CMK-KMS-Unused
Owned by naveen
Dec 06, 2021
Severity: Medium
Description: CMK KMS keys not used.
Blue Hexagon Proprietary