turbot/aws_compliance

Control: IAM policy should not grant full access to KMS service

Description

KMS is a critical service and IAM policies should follow least privilege model for this service in particular. This control is non-compliant if the managed IAM policy allows full access to KMS service.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.iam_policy_no_full_access_to_kms

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.iam_policy_no_full_access_to_kms --share

SQL

This control uses a named query:

iam_policy_no_full_access_to_cloudtrail

Tags