diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-kms-enum.md b/src/pentesting-cloud/aws-security/aws-services/aws-kms-enum.md
index 543ed31cdd..338352be84 100644
--- a/src/pentesting-cloud/aws-security/aws-services/aws-kms-enum.md
+++ b/src/pentesting-cloud/aws-security/aws-services/aws-kms-enum.md
@@ -131,6 +131,11 @@ aws kms list-grants --key-id <id>
 aws kms describe-key --key-id <id>
 aws kms get-key-policy --key-id <id> --policy-name <name> # Default policy name is "default"
 aws kms describe-custom-key-stores
+
+# This script enumerates AWS KMS keys across all available regions.
+for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do 
+    echo -e "\n### Region: $region ###"; aws kms list-keys --region $region --query "Keys[].KeyId" --output text | tr '\t' '\n'; 
+done
 ```
 
 ### Privesc