Certified Security - Specialty


KMS Key Policy in Certified Security Specialty Course

In the discussion about KMS key policy, Mike mentions that root does not have access unless specified in the policy and highlights the danger of root not having access, but root has full permissions by default so not sure it’s necessary to put the bullet below in the slide and sound the alarm. I suppose an argument could be made that Mike is warning you about the implications of removing root from the policy. If that’s the case, I think the discussion and slide could be modified to make that clearer. 

  • Root does not have access unless they’re specified in the Key Policy

1 Answer

So the bullet point is correct. But as you say the access may be added by default, but only if you don't specify an alternative.

In an environment where CLI and API are used, and where policy documents are provided as an input of course, you won't get that default.

I think it's a good point to highlight, as it's one of the only places (if not the only place) where you can lock out the root user.

Thoughts?
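A pre-deployment check for the case the answer describes, where a key policy document is supplied through the CLI or API and so contains a root statement only if someone wrote one in. This is an added example, not part of the original thread or the course material; the account ID, role name, both sample policies and the function names are constructed for illustration.

```python
import json
import re
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder account ID

# Constructed sample: includes the root statement that the default policy has.
WITH_ROOT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
     "Action": "kms:*", "Resource": "*"}]})

# Constructed sample: a custom document that names only a hypothetical role.
WITHOUT_ROOT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "KeyAdmins", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/ExampleKeyAdmin"},
     "Action": ["kms:Describe*", "kms:PutKeyPolicy"], "Resource": "*"}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def names_root(statement, account_id):
    """True if the statement's AWS principal is the account root (ARN or bare ID)."""
    principal = statement.get("Principal", {})
    if not isinstance(principal, dict):
        return False  # a bare "*" is not the same as naming the account root
    acct = re.escape(account_id)
    root = re.compile(rf"^(arn:aws[a-z-]*:iam::{acct}:root|{acct})$")
    return any(root.match(p) for p in _as_list(principal.get("AWS", [])))

def root_can_repair(policy_json, account_id):
    """True if an unconditional Allow lets the account root call kms:PutKeyPolicy.

    Explicit Deny statements are not evaluated; this only looks for the grant.
    """
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if not names_root(stmt, account_id):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatchcase("kms:putkeypolicy", a) for a in actions):
            return True
    return False

if __name__ == "__main__":
    for name, doc in (("with root", WITH_ROOT), ("without root", WITHOUT_ROOT)):
        print(name, "->", root_can_repair(doc, ACCOUNT))
```

Running a check like this over policy documents before they are passed to key creation flags the ones that would leave the account root unable to change the key policy later.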
