Data at risk

KMS CMK is exposed

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

It was found that {AwsKmsKey} is exposed. A master key is considered exposed when one of the statements in the key policy contain 'AWS: *'. Ensure Amazon KMS master keys are not exposed to everyone.

  • Recommended Mitigation

    It is recommended to restrict KMS master keys access according to the least privileges principal. By being public, the master key is exposed to enumeration and stealing attempts.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.