You must be logged in to view saved presets
Block IAM Inline Policy KMS Actions
Checks if the inline policies attached to your IAM users, roles, and groups do not allow blocked actions on all AWS KMS keys. The rule is NON_COMPLIANT if any blocked action is allowed on all AWS KMS keys in an inline policy.
This config rule supports the following parameters:
- blockedActionsPatterns
- Required: Yes
- Type: CSV
- Description:Comma-separated list of blocked KMS action patterns, for example, kms:*, kms:Decrypt, kms:ReEncrypt*.
- excludeRoleByManagementAccount
- Required: No
- Type: boolean
- Description:Exclude a role if it is only assumable by organization management account.
CloudFormation Template
© 2024 asecurecloud. All rights reserved.