# kms-key-policy-no-public-access
<a name="kms-key-policy-no-public-access"></a>

Checks if the Amazon KMS key policy allows public access. The rule is NON\_COMPLIANT if the KMS key policy allows public access to the KMS key. 

**Note**  
To be considered non-public, a KMS key policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: [Variables](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-using-variables).

**Identifier:** KMS\_KEY\_POLICY\_NO\_PUBLIC\_ACCESS

**Resource Types:** AWS::KMS::Key

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions except Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Malaysia), Amazon GovCloud (US-East), Amazon GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region

**Parameters:**

None  

## Amazon CloudFormation template
<a name="w2aac20c16c17b7e1049c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).