Our group wants to store keys using AWS KMS to prevent one of us from using the key without permission.
We want to configure a system that needs everyone's approval when anyone uses the key.
I think we can achieve this by using AWS Systems Manager or any other external application.
But I think the person who can access as the root user can still use the key if he tries.
I know we can set up MFA and separate the MFA device from the person who knows the password of the root user, but I think it doesn't become a solution to the root of the problem.
So, is there any service or idea that prevents the root user from using the key freely?