Benchmark: BP01 Implement secure key management


By defining an encryption approach that includes the storage, rotation, and access control of keys, you can help provide protection for your content against unauthorized users and against unnecessary exposure to authorized users. AWS Key Management Service (AWS KMS) helps you manage encryption keys and integrates with many AWS services. This service provides durable, secure, and redundant storage for your AWS KMS keys. You can define your key aliases as well as key-level policies. The policies help you define key administrators as well as key users. Additionally, AWS CloudHSM is a cloud-based hardware security module (HSM) that allows you to easily generate and use your own encryption keys in the AWS Cloud. It helps you meet corporate, contractual, and regulatory compliance requirements for data security by using FIPS 140-2 Level 3 validated HSMs.


Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select BP01 Implement secure key management.

Run this benchmark in your terminal:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec08_bp01

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec08_bp01 --share