Continuously audit and monitor KMS key configurations and enforce security compliance as code with Panther.

AWS KMS is a managed service used to create, store, and control encryption keys to encrypt your data in your applications. Use Panther to track real-time changes to your KMS keys to ensure configurations meet your business requirements for security and compliance.

Monitoring KMS is critical for understanding the history of encryption key changes and detecting suspicious activity. Use Panther’s built in policies for continuous monitoring of KMS resources, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for KMS Key with Panther include:

• Timely rotation and management of keys

• Use your most sensitive and regulated data without giving applications direct access to your data's encryption keys

• Manage keys and define policies consistently across integrated AWS services and your applications.

• Meet your regulatory and compliance needs

How it Works

The integration is simple and fast:

• Connect your AWS account to Panther

• A baseline scan is performed to identify all existing KMS keys in your account(s)

• Built-in detections identify security issues

• Alerts will be sent if non-compliant KMS exist

Use Panther to search all KMS keys in an AWS account by name, view their compliance status, associated policies, and configured remediations. Learn more about using Panther to analyze your AWS logs for security insights.