Query: Ensure inline policies attached to IAM users, roles, and groups should not allow blocked actions on KMS keys

Description

Checks if the inline policies attached to IAM users, roles, and groups do not allow blocked actions on all AWS Key Management Service (KMS) keys. The rule is non - compliant if any blocked action is allowed on all KMS keys in an inline policy.

Query

Tables used in this query:

• aws_iam_group
• aws_iam_role
• aws_iam_user

Controls using this query:

• Ensure inline policies attached to IAM users, roles, and groups should not allow blocked actions on KMS keys

SQL