28 June 2021 - Rule Update Notice
From Thursday 24th June at 5:55 am UTC to Monday 28th June at 10:19 am UTC, the rule KMS-006: KMS Cross Account Access generated false positives (incorrect failures) in the following scenarios:
We have made the following rule updates to resolve the issue.
1. KMS-006: KMS Cross Account Access
a. Will no longer generate checks for:
b. Will generate checks for:
We’ve also updated the Knowledge Base for the rule to reflect these updates.
As AWS allows KMS policies to include the wildcard principal and condition statements to enable restricted cross-account access, Conformity will work towards optimizing the rule by adding more policy condition scenarios in the future.
2. Conformity has stopped evaluating AWS Managed Keys in the scenarios mentioned above, so no checks will be produced for any AWS Managed Keys in the following rules:
There is no change to the custom policy as a result of the latest deployment. The current custom policy is version 1.31.
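The note above about wildcard principals combined with condition statements can be illustrated with a small key-policy audit. This is an added example, not Conformity's rule logic: the function names, the verdict strings and the set of account-scoping condition keys are assumptions, only the `StringEquals` operator is handled, and the sample policy and account IDs are constructed.

```python
import re

# Condition keys that pin the caller to named accounts (assumed set for this sketch).
ACCOUNT_KEYS = {"kms:calleraccount", "aws:principalaccount"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_accounts(condition):
    """Account IDs that a StringEquals condition limits the caller to, else None."""
    for key, value in (condition or {}).get("StringEquals", {}).items():
        if key.lower() in ACCOUNT_KEYS:
            return set(_as_list(value))
    return None

def classify_key_policy(policy, own_account, trusted=()):
    """Return [(Sid, verdict)] for every Allow statement in a KMS key policy."""
    allowed, results = {own_account, *trusted}, []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        # Explicit principals: take the 12-digit account ID from the ARN or bare ID.
        accounts = {m.group() for p in aws if (m := re.search(r"\d{12}", str(p)))}
        if "*" in aws:
            scoped = _condition_accounts(stmt.get("Condition"))
            if scoped is None:  # wildcard with no account-scoping condition
                results.append((stmt.get("Sid"), "public"))
                continue
            accounts |= scoped
        foreign = sorted(accounts - allowed)
        verdict = "cross-account:" + ",".join(foreign) if foreign else "ok"
        results.append((stmt.get("Sid"), verdict))
    return results

def _stmt(sid, principal, condition=None):
    s = {"Sid": sid, "Effect": "Allow", "Principal": principal, "Action": "kms:Decrypt", "Resource": "*"}
    return {**s, "Condition": condition} if condition else s

# Constructed sample policy; the account IDs are placeholders.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    _stmt("Owner", {"AWS": "arn:aws:iam::111122223333:root"}),
    _stmt("SameAccountViaCondition", {"AWS": "*"}, {"StringEquals": {"kms:CallerAccount": "111122223333"}}),
    _stmt("PartnerViaCondition", "*", {"StringEquals": {"kms:CallerAccount": "444455556666"}}),
    _stmt("Open", {"AWS": "*"}),
]}

if __name__ == "__main__":
    for sid, verdict in classify_key_policy(SAMPLE, "111122223333"):
        print(sid, verdict)
```

A wildcard statement scoped to the key's own account is reported as `ok` rather than as cross-account access, while the same wildcard with no account condition is reported as `public`.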