This section contains recommendations for configuring AWS KMS resources and options.
steampipe check aws_compliance.benchmark.foundational_security_kms
- 1 IAM customer managed policies should not allow decryption actions on all KMS keys
- 2 IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys
- 3 AWS KMS keys should not be unintentionally deleted