Ensure principal is defined for every IAM policy attached to AWS Key Management Service (KMS) key

HIGH

Description

The Principal element of a KMS key policy statement identifies the IAM users, roles, AWS accounts, or AWS services that the statement allows or denies to use or manage the key. A statement without a Principal does not state who it applies to, so the access it is meant to grant is ambiguous. Define an explicit Principal in every statement of the key policy. For more information on how to properly assign a Principal within the KMS policy, see the AWS documentation.
References:
https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the KMS Console.
  2. Under Customer managed keys, choose the key you wish to edit.
  3. Under Key policy, choose Switch to policy view, then choose Edit.
  4. Add a Principal element to every statement that lacks one, naming the IAM users, roles, accounts, or services the statement applies to.
  5. Select Save changes.

In Terraform -

  1. In the aws_kms_key resource, set the policy argument to a key policy in which every statement defines a Principal (for example, a policy built with an aws_iam_policy_document data source whose statements each contain a principals block).
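
The following Terraform is an added example of this remediation; it is not taken from the original page or from AWS. It builds a key policy in which every statement names a Principal: the account root keeps administrative control of the key, and a single role is granted use of it. The role name app-data-reader and the alias alias/app-data are assumptions; the account ID is read from the caller identity.

```hcl
# Added example (not from the original page): an aws_kms_key whose
# policy gives every statement an explicit Principal. The role name
# "app-data-reader" and the alias name are assumptions for illustration.

data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "key_policy" {
  # Statement 1: the root principal of the owning account administers the key.
  # This is the statement that lets IAM policies in the account control
  # access to the key; without an admin principal the key can become unmanageable.
  statement {
    sid    = "EnableKeyAdministrationByAccountRoot"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
    actions   = ["kms:*"]
    resources = ["*"] # in a key policy, "*" means this key only
  }

  # Statement 2: cryptographic use is granted to one named role, never to an
  # unspecified principal.
  statement {
    sid    = "AllowUseOfTheKeyByAppRole"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/app-data-reader"]
    }
    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:GenerateDataKey*",
      "kms:DescribeKey",
    ]
    resources = ["*"]
  }
}

resource "aws_kms_key" "app_data" {
  description         = "Key for application data (example)"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.key_policy.json
}

resource "aws_kms_alias" "app_data" {
  name          = "alias/app-data"
  target_key_id = aws_kms_key.app_data.key_id
}
```

Keep the account-root administration statement: it is what allows IAM policies in the account to grant further access to the key, and removing it can leave the key with no principal able to manage it. Every additional statement should follow the second pattern, with a principals block naming exactly the identities that need the listed actions.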

References:
https://docs.aws.amazon.com/kms/latest/developerguide/security-iam.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key

Policy Details

Rule Reference ID: AC_AWS_0458
CSP: AWS
Remediation Available: Yes
Resource: aws_kms_key
Resource Category: Management

Frameworks