Do All Keys Have Resources Attached?
Attaching A Specific Resource to AWS KMS
A robust understanding of AWS KMS is critical to resource management in your AWS environment. To enhance your key infrastructure, every key should have a resource assigned to it. (For example, AWS explains that the primary resource attached to AWS KMS is a CMK.) This can be accomplished through the AWS CLI or through AWS IAM policies. Any keys with unassigned resources should not be used within your AWS environment.
For more information, visit the AWS overview of managing access to KMS resources.
Key management within AWS is a critical part of resource management within AWS. Ensuring that you have resources assigned to specific keys will ensure that you have a good key infrastructure. By using the AWS CLI, you are able to define and understand which keys have been assigned to which resources within the environment. Any keys that have unassigned resources should not be used within the environment and should be removed.