Ensure that access policy is updated for AWS Key Management Service (KMS) key

HIGH

Description

A proper key policy should be configured for each KMS key so that only the principals that need the key can administer or use it, following the principle of least privilege.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the KMS Console.
  2. Under Customer managed keys, choose the key you wish to edit.
  3. Under Key policy, choose Switch to policy view, then choose Edit.
  4. Configure the policy accordingly.
  5. Select Save changes.

In Terraform -

  1. In the aws_kms_key resource, configure the policy accordingly.
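A least-privilege key policy attached to an aws_kms_key resource, added here as an example that is not part of this rule page or its vendor's remediation content; the account id lookup is standard Terraform, while KmsAdminRole and AppRole are assumed role names.

```hcl
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "key_policy" {
  # Keep the account root as a principal: it lets IAM policies in this
  # account grant access and prevents the key from becoming unmanageable
  # if the admin role below is ever deleted.
  statement {
    sid = "EnableIAMPolicies"
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
    actions   = ["kms:*"]
    resources = ["*"]
  }

  # Key administrators (assumed role name): manage the key, but no
  # Encrypt/Decrypt/GenerateDataKey, so they cannot read protected data.
  statement {
    sid = "AllowKeyAdministration"
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/KmsAdminRole"]
    }
    actions = [
      "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*",
      "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*",
      "kms:TagResource", "kms:UntagResource",
      "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion",
    ]
    resources = ["*"]
  }

  # Key users (assumed role name): cryptographic operations only,
  # no ability to change the policy, grants, or key state.
  statement {
    sid = "AllowUseOfTheKey"
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/AppRole"]
    }
    actions = [
      "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
      "kms:GenerateDataKey*", "kms:DescribeKey",
    ]
    resources = ["*"]
  }
}

resource "aws_kms_key" "example" {
  description         = "Key with a least-privilege key policy"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.key_policy.json
}
```

The pattern this rule flags is a statement whose principal is `"*"` (or the whole account) combined with `kms:*`; splitting administration from usage as above is what the rule expects to see in the policy argument.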

References:
https://docs.aws.amazon.com/kms/latest/developerguide/security-iam.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key

Policy Details

Rule Reference ID: AC_AWS_0162
CSP: AWS
Remediation Available: Yes
Resource: aws_kms_key
Resource Category: Management

Frameworks