turbot/gcp_compliance

Control: Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible

Description

It is recommended that the IAM policy on Cloud KMS cryptokeys should restrict anonymous and/or public access.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.kms_key_not_publicly_accessible

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.kms_key_not_publicly_accessible --share

SQL

This control uses a named query:

kms_key_not_publicly_accessible

Tags