Control: IAM policy should not grant full access to KMS service
Description
KMS is a critical service and IAM policies should follow least privilege model for this service in particular. This control is non-compliant if the managed IAM policy allows full access to KMS service.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.iam_policy_no_full_access_to_kmsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.iam_policy_no_full_access_to_kms --shareSQL
This control uses a named query:
iam_policy_no_full_access_to_cloudtrail