Identify any AWS Key Management Service (KMS) keys whose key policy grants access to an anonymous principal ("Principal": "*" or "Principal": {"AWS": "*"}) without a Condition element that limits the callers, and update the key policy so that only the intended AWS accounts, IAM roles, or IAM users can use or manage these keys.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Allowing anonymous access to your AWS KMS keys is considered bad practice and can lead to sensitive data leakage: any principal that can reach the KMS API could use the key to decrypt data protected under it. One common scenario is an AWS user granting key usage permissions to everyone (Principal "*") but forgetting to add the Condition clause to the key policy that restricts access to specific AWS accounts.
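The following is an added example, not part of the original rule page or of the Cloud Conformity tool, showing how to test a KMS key policy document for the scenario described above. It treats a statement as publicly accessible when it is an Allow, its Principal is a wildcard, and no Condition scopes the caller to an account, organization, or ARN. The two policy documents and the account ID 123456789012 are constructed for the example; in practice you would feed it the JSON returned by the AWS CLI command aws kms get-key-policy --key-id <key-id> --policy-name default.

```python
import json

# Condition keys that scope a wildcard-principal statement to known callers.
# Any of these, used with a positive (non-negated) operator, turns an "everyone"
# statement into "everyone from these accounts/orgs/ARNs".
CALLER_SCOPING_KEYS = {
    "aws:principalaccount", "aws:principalorgid", "aws:principalarn",
    "aws:sourceaccount", "aws:sourceowner", "aws:sourcearn",
    "kms:calleraccount",
}


def _as_list(value):
    # IAM policy JSON allows a single string where a list is also permitted.
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    # Both forms mean "any AWS principal, including anonymous callers".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_scopes_caller(condition):
    # A Condition only narrows the caller set if it is a positive match on a
    # caller-identifying key. Null checks and negated operators such as
    # StringNotEquals or ArnNotLike leave the statement open to everyone else.
    if not condition:
        return False
    for operator, key_values in condition.items():
        op = operator.lower()
        if op.startswith("null") or "not" in op:
            continue
        if any(key.lower() in CALLER_SCOPING_KEYS for key in key_values):
            return True
    return False


def find_public_statements(policy_document):
    """Return the Sids (or positional labels) of statements that grant access
    to a wildcard principal without a caller-scoping Condition."""
    policy = (json.loads(policy_document)
              if isinstance(policy_document, str) else policy_document)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if _condition_scopes_caller(stmt.get("Condition")):
            continue
        findings.append(stmt.get("Sid", f"Statement[{index}]"))
    return findings


# Constructed key policy: the author granted kms:Encrypt/kms:Decrypt to everyone
# and forgot the Condition clause, so the second statement is open to the world.
OPEN_KEY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnableRootPermissions", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "AllowEveryone", "Effect": "Allow",
         "Principal": "*",
         "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
    ],
})

# Constructed hardened policy: the same grant, now limited to callers from the
# key owner's account via the kms:CallerAccount condition key.
HARDENED_KEY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnableRootPermissions", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "AllowOwnAccountOnly", "Effect": "Allow",
         "Principal": {"AWS": "*"},
         "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*",
         "Condition": {"StringEquals": {"kms:CallerAccount": "123456789012"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in (("open", OPEN_KEY_POLICY), ("hardened", HARDENED_KEY_POLICY)):
        print(f"{name}: public statements = {find_public_statements(doc)}")
```

The check is deliberately conservative: a Condition that only tests a non-caller key (for example kms:ViaService or aws:SecureTransport) still leaves the statement flagged, because such keys do not say who may call, only how. Run it against each key returned by aws kms list-keys in every region you use, and remember that a wildcard principal combined with a negated operator (StringNotEquals on kms:CallerAccount) is still public to every account not named.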
To determine if your AWS KMS master keys are open to the world, perform the following:
Remediation / Resolution
To block anonymous access to your Amazon KMS master keys, perform the following:
Risk level: High