le-tf-infra-aws icon indicating copy to clipboard operation
le-tf-infra-aws copied to clipboard

Published 20 hours ago verified publisher icon binbashar

Review our KMS reference implementation to make sure we follow key best practices

Open diego-ojeda-binbash opened this issue 6 months ago • 0 comments

Describe the Feature

Review our KMS reference implementation to make sure we follow key best practices such as the following:

  • When the principal in a key policy statement is an AWS service principal, we strongly recommend that you use the aws:SourceArn or aws:SourceAccount global condition keys, in addition to the kms:EncryptionContext:context-key condition key. => https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-services.html
  • https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html
  • https://docs.aws.amazon.com/prescriptive-guidance/latest/encryption-best-practices/kms.html
  • https://www.linkedin.com/pulse/securing-cloud-aws-kms-best-practices-jennifer-grey-gqogf/

diego-ojeda-binbash avatar Jul 29 '24 13:07 diego-ojeda-binbash