A Security Engineer who was reviewing AWS Key Management Service (AWS KMS) key policies found this statement in each key policy in the company AWS account.

September 14, 2021 by Admin

A Security Engineer who was reviewing AWS Key Management Service (AWS KMS) key policies found this statement in each key policy in the company AWS account.

SCS-C01 AWS Certified Security – Specialty Part 02 Q18 010

What does the statement allow?

  • All principals from all AWS accounts to use the key.
  • Only the root user from account 111122223333 to use the key.
  • All principals from account 111122223333 to use the key but only on Amazon S3.
  • Only principals from account 111122223333 that have an IAM policy applied that grants access to this key to use the key.
