IAM Policy Allows Access To KMS Privileges
Overview
Check that no IAM policies granting unrestricted KMS privileges have been created. Because KMS is a critical service, IAM policies that cover it must adhere to the principle of least privilege. Starting with a minimal permission set and adding permissions as needed is more secure than starting with excessively permissive access and attempting to restrict it later. Enumerate the policies and assess whether the permissions they grant are truly essential for the business tasks at hand.
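One way to run this assessment over exported policy documents, as an added example that is not part of the original rule or any vendor's implementation. It assumes "unrestricted" means an Allow statement whose Action is `*` or `kms:*` with Resource `*`; the function names and sample policies are constructed for illustration.

```python
import json

def as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def covers_all_kms(action):
    """True for '*' or 'kms:*'; action names are case-insensitive."""
    a = action.lower()
    if a and a.strip("*") == "":
        return True
    service, _, name = a.partition(":")
    return service == "kms" and name != "" and name.strip("*") == ""

def unrestricted_kms_statements(policy_document):
    """Findings for Allow statements granting every KMS action on Resource '*'."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for index, stmt in enumerate(as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a for a in as_list(stmt.get("Action")) if covers_all_kms(a)]
        if actions and "*" in as_list(stmt.get("Resource")):
            findings.append({"sid": stmt.get("Sid", f"statement[{index}]"),
                             "actions": actions,
                             "conditioned": "Condition" in stmt})  # reviewer decides
    return findings

def scan(policies):
    """Map policy name -> findings, keeping only policies that have any."""
    results = {name: unrestricted_kms_statements(doc) for name, doc in policies.items()}
    return {name: found for name, found in results.items() if found}

# Constructed sample policy documents (names, account ID and key ID are made up).
SAMPLE_POLICIES = {
    "kms-admin-wide": {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllKms", "Effect": "Allow", "Action": "kms:*", "Resource": "*"}]},
    "decrypt-one-key": {"Version": "2012-10-17", "Statement": {
        "Effect": "Allow", "Action": ["kms:Decrypt", "kms:DescribeKey"],
        "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}},
    "deny-kms": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "kms:*", "Resource": "*"}]},
    "full-admin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "*"], "Resource": ["*"]}]},
}

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_POLICIES), indent=2))
```

Statements that use NotAction, or that scope Resource with a wildcarded KMS ARN, are not evaluated here and need a separate review.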
Vendor
AWS
Cloud Service
IAM
References
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Severity
3
Item Types
AWS::IAM::ManagedPolicy