Identify any publicly accessible AWS Key Management Service master keys and update their access policy in order to stop any unsigned requests made to these resources.
Allowing anonymous access to your AWS KMS keys is considered bad practice and can lead to sensitive data leakage. One common scenario is when an AWS user grants permissions to everyone for using the KMS key but forgets adding the Condition clauses to the key policy in order to filter the access to certain accounts.
To determine if your AWS KMS master keys are opened to the world, perform the following:
To block anonymous access to your Amazon KMS master keys, perform the following: