AWS Foundational Security Best Practice

KMS.2

IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys

Severity: MEDIUM

Cloud Platforms: AWS

Resources: AWS Key Management Service

Checks whether the inline policies embedded in your IAM principals (Role/User/Group) allow the AWS Key Management Service (KMS) decryption actions on all KMS keys. This control fails if kms:Decrypt or kms:ReEncryptFrom actions are allowed on all KMS keys in an inline policy.
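The check described above can be approximated offline against an inline policy document. The following is an added example, not code from this page or from AWS; the function names, the sample policies and the treatment of a key ARN ending in key/* as "all KMS keys" are assumptions of the example.

```python
import fnmatch

BLOCKED = ("kms:Decrypt", "kms:ReEncryptFrom")  # the two actions KMS.2 names

def _as_list(value):
    """IAM JSON accepts a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _blocked_matched_by(pattern):
    """Blocked actions covered by one Action pattern (wildcards, case-insensitive)."""
    return {a for a in BLOCKED if fnmatch.fnmatchcase(a.lower(), pattern.lower())}

def _is_all_keys(resource):
    # Assumption of this example: "*" or a key ARN whose key id is "*".
    return resource == "*" or (
        resource.startswith("arn:aws:kms:") and resource.endswith(":key/*"))

def violations(policy):
    """Sorted blocked actions that the policy allows on all KMS keys.
    Condition, NotResource and explicit Deny are not evaluated here."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_is_all_keys(r) for r in _as_list(stmt.get("Resource"))):
            continue
        if "NotAction" in stmt:  # allows everything except the listed patterns
            excluded = set()
            for p in _as_list(stmt["NotAction"]):
                excluded |= _blocked_matched_by(p)
            found |= set(BLOCKED) - excluded
        for p in _as_list(stmt.get("Action")):
            found |= _blocked_matched_by(p)
    return sorted(found)

# Constructed sample inline policies (account id and key id are placeholders).
FAILS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:Encrypt"], "Resource": "*"}]}
WILDCARD = {"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"}}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:ReEncryptFrom"],
     "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}]}

if __name__ == "__main__":
    for name, doc in (("FAILS", FAILS), ("WILDCARD", WILDCARD), ("SCOPED", SCOPED)):
        print(name, violations(doc) or "compliant")
```

A non-empty result means the policy would need its Resource narrowed to specific key ARNs, as in the SCOPED sample.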


(C) Copyright 2023 6PILLARS CLOUD AUTOMATION PTY LTD
