September 14, 2021 by Admin
A Security Engineer who was reviewing AWS Key Management Service (AWS KMS) key policies found this statement in each key policy in the company AWS account.
What does the statement allow?
- All principals from all AWS accounts to use the key.
- Only the root user from account 111122223333 to use the key.
- All principals from account 111122223333 to use the key but only on Amazon S3.
- Only principals from account 111122223333 that have an IAM policy applied that grants access to this key to use the key.