Parsing CloudTrail logs to check CMK activities

CMK access can be viewed in CloudTrail in the customer's AWS account by tracking Clumio's KMS activities, which appear under the following usernames:

  • 'KMS-backup' - Used during the Backup operations
  • 'KMS-post-processing' - Used during the Post-processing work (FLI) operations
  • 'KMS-restore' - Used during the Restore operations

Any operation performed on the Clumio CMK under a username other than those listed above should be reported to your security team and analyzed thoroughly.
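
One way to automate this check, as an added example that is not Clumio's own code: it filters events in the shape returned by `aws cloudtrail lookup-events` for KMS activity on the CMK and flags any whose `Username` is not one of the three names above. Matching on the `Username` field is an assumption, and the key ARNs, the `alice`/`bob` users, and all sample events are constructed.

```python
import json

# Usernames the page lists for Clumio's KMS activity.
EXPECTED = {"KMS-backup", "KMS-post-processing", "KMS-restore"}
# Constructed placeholder ARNs; substitute the ARN of the Clumio CMK.
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-CLUMIO-CMK"
OTHER_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-OTHER-KEY"

def touches_key(event, key_arn):
    """True if key_arn appears in Resources or in the raw CloudTrailEvent."""
    if any(r.get("ResourceName") == key_arn for r in event.get("Resources") or []):
        return True
    raw = json.loads(event.get("CloudTrailEvent") or "{}")
    return any(r.get("ARN") == key_arn for r in raw.get("resources") or [])

def unexpected_cmk_events(events, key_arn, expected=EXPECTED):
    """Return (time, event name, username) for KMS events on key_arn
    whose Username is not one of the expected Clumio usernames."""
    flagged = []
    for ev in events:
        if ev.get("EventSource") != "kms.amazonaws.com" or not touches_key(ev, key_arn):
            continue
        # A missing Username is flagged, not skipped.
        if ev.get("Username") not in expected:
            flagged.append((ev.get("EventTime"), ev.get("EventName"), ev.get("Username")))
    return flagged

def sample_event(name, user, time, arn=CMK_ARN, raw_only=False):
    """Build one constructed event in the lookup-events shape."""
    ev = {"EventSource": "kms.amazonaws.com", "EventName": name, "EventTime": time}
    if user is not None:
        ev["Username"] = user
    if raw_only:  # key ARN present only inside the embedded JSON record
        ev["CloudTrailEvent"] = json.dumps({"resources": [{"ARN": arn}]})
    else:
        ev["Resources"] = [{"ResourceType": "AWS::KMS::Key", "ResourceName": arn}]
    return ev

SAMPLE_EVENTS = [  # constructed sample data, not real log output
    sample_event("GenerateDataKey", "KMS-backup", "2024-01-01T00:00:00Z"),
    sample_event("Decrypt", "KMS-restore", "2024-01-01T01:00:00Z", raw_only=True),
    sample_event("Decrypt", "alice", "2024-01-01T02:00:00Z"),
    sample_event("ScheduleKeyDeletion", None, "2024-01-01T03:00:00Z", raw_only=True),
    sample_event("Decrypt", "bob", "2024-01-01T04:00:00Z", arn=OTHER_ARN),
]

if __name__ == "__main__":
    for row in unexpected_cmk_events(SAMPLE_EVENTS, CMK_ARN):
        print(row)
```

To run it on real data, load the `Events` array from the JSON output of `aws cloudtrail lookup-events` and pass it in place of `SAMPLE_EVENTS`.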

Please reach out to [email protected] with any questions.