Ensure KMS key policy does not contain wildcard (*) principal

Error: KMS key policy contains wildcard (*) principal

Bridgecrew Policy ID: BC_AWS_IAM_63
Checkov Check ID: CKV_AWS_33
Severity: HIGH

KMS key policy contains wildcard (*) principal

Description

TBD
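The condition this check looks for, as an added example (not Checkov's or Bridgecrew's own code): a Python function that walks a key policy document and reports Allow statements whose principal is "*" or AWS: "*", the two forms removed in the fix below. The account ID and Sids in the sample policy are constructed; treating a "*" inside a principal list as a wildcard and reporting whether a Condition is present are assumptions of this example.

```python
import json

# Constructed sample key policy (not from the page): one statement per principal form.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BareStar", "Effect": "Allow", "Principal": "*", "Action": "kms:*", "Resource": "*"},
    {"Sid": "AwsStar", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "kms:Decrypt",
     "Resource": "*", "Condition": {"StringEquals": {"kms:CallerAccount": "111122223333"}}},
    {"Sid": "StarInList", "Effect": "Allow", "Action": "kms:Encrypt", "Resource": "*",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "*"]}},
    {"Sid": "AccountRoot", "Effect": "Allow", "Action": "kms:*", "Resource": "*",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
    {"Sid": "DenyAll", "Effect": "Deny", "Principal": "*", "Action": "kms:ScheduleKeyDeletion", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM policy JSON allows a single value wherever a list is accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def has_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if isinstance(principal, str):
        return principal == "*"
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def wildcard_statements(policy):
    """Return (index, Sid, has_condition) for each Allow statement open to any principal."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") == "Allow" and has_wildcard_principal(stmt.get("Principal")):
            findings.append((i, stmt.get("Sid", ""), "Condition" in stmt))
    return findings


if __name__ == "__main__":
    for index, sid, conditioned in wildcard_statements(SAMPLE_POLICY):
        print(f"Statement[{index}] {sid}: wildcard principal, Condition present: {conditioned}")
```

The Condition flag is there for triage only: a statement with a wildcard principal is still reported, and the reviewer decides whether the condition narrows it enough.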

Fix - Buildtime

CloudFormation

  • Resource: AWS::KMS::Key
  • Argument: Properties.Statement.Principal
Type: AWS::KMS::Key
    Properties:
        ...
        Statement:
            - ...
        Principal:
-           "*"
-           AWS: "*"
+                   AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
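Review bot: the added AWS: !Sub line is indented deeper than the "*" and AWS: "*" lines it replaces, and Principal: sits at the same level as Statement: instead of inside the "- ..." statement entry, so the snippet does not paste as valid YAML. Nest Principal under the statement entry and align the + line with the removed lines. The snippet also omits the KeyPolicy level that holds Statement in an AWS::KMS::Key resource; showing it would make the argument path read Properties.KeyPolicy.Statement.Principal.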
