KMS Key Policy too broad

Question

KMS Key Policy too broad

Closed this issue 2 years ago · 2 comments

Hi there, according to everything I've read online, it's not a good thing to allow * AWS accounts to have access to the KMS key-- the default is root of the current AWS account.

https://github.com/masterpointio/terraform-aws-ssm-agent/blob/master/main.tf#L175

Answer 1 · 2022-03-28T18:26:10.000Z

@arjitj2 this is a great point -- I would love a PR to fix this. Mind putting one up?

Answer 2 · 2023-01-24T18:11:53.000Z

@gberenice if you get the chance as part of your current PR, it might be worth to address this.