By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

KMS - Best practice on using root principal in Key policy

0

What are the best practices from AWS on using root Principle (delegate all access to IAM) vs tightly scoped individual IAM principles. what is the best practice from AWS on using root principle in Key Policy? Is it better to delegate access to IAM (aka root principle) or use tightly scoped principles for each individual IAM policy access?

Topics
Security, Identity, & Compliance
Tags
AWS Key Management ServiceAWS Identity and Access ManagementIAM Policies
Language
English
AWS
rePost-User-6871795
asked 20 days ago55 views
1 Answer
4

Below the best practices by AWS:

• Enable IAM Policies: AWS recommends enabling IAM policies in the key policy for most use cases, as it simplifies access management. • Use Least Privilege: Whether using the root principal or individual principals, always follow the principle of least privilege to minimize security risks. • Audit and Monitor: Regularly review key policies and IAM policies to ensure they align with your security and compliance requirements.

https://docs.aws.amazon.com/prescriptive-guidance/latest/encryption-best-practices/kms.html

https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html

EXPERT
Kidd Ip
answered 20 days ago
  • rePost-User-6871795
    19 days ago

    Hi, The pointed question is "Is it better to delegate access to IAM (aka root principle) or use tightly scoped principles for each individual IAM policy access?" - Is there any prescriptive guidance to answer this specific question ? Thanks.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content