kms-key-policy-no-public-access - Amazon Config
Amazon CloudFormation template
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

kms-key-policy-no-public-access

Checks if the Amazon KMS key policy allows public access. The rule is NON_COMPLIANT if the KMS key policy allows public access to the KMS key.

Note

To be considered non-public, a KMS key policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: Variables.

Identifier: KMS_KEY_POLICY_NO_PUBLIC_ACCESS

Resource Types: AWS::KMS::Key

Trigger type: Configuration changes

Amazon Web Services Region: All supported Amazon regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Amazon GovCloud (US-East), Amazon GovCloud (US-West), Mexico (Central), Canada West (Calgary) Region

Parameters:

None

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.