Loading controls...
Control: Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible
Description
It is recommended that the IAM policy on Cloud KMS cryptokeys should restrict anonymous and/or public access.
Usage
Run the control in your terminal:
powerpipe control run gcp_compliance.control.kms_key_not_publicly_accessibleSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run gcp_compliance.control.kms_key_not_publicly_accessible --shareSQL
This control uses a named query:
kms_key_not_publicly_accessible