
Ensure Managed IAM Policies Should Not Allow Blocked Actions on KMS Keys Rule

This rule ensures that managed IAM policies do not permit blocked actions on KMS keys.

Rule: Ensure managed IAM policies should not allow blocked actions on KMS keys
Framework: FedRAMP Moderate Revision 4
Severity: Medium

Rule Description

This rule is designed to ensure that managed IAM policies do not allow blocked actions on Key Management Service (KMS) keys for FedRAMP Moderate Revision 4 compliance.

KMS keys are used to encrypt and decrypt data in AWS services. To comply with FedRAMP Moderate security requirements (per Revision 4), it is crucial to prevent any unauthorized or blocked actions on KMS keys. This ensures the confidentiality and integrity of sensitive data stored in AWS.

Troubleshooting Steps

If this rule is violated, here are the troubleshooting steps you can follow:

  1. Identify the managed IAM policies associated with KMS keys.
  2. Review the blocked actions that are being allowed by the policy.
  3. Determine the potential impact of these blocked actions on KMS keys and related resources.
  4. Investigate if any unauthorized or risky access has been granted to users or roles.
  5. Analyze the overall security posture of the affected resources.
  6. Evaluate the current IAM policies and assess why these blocked actions are permitted.
  7. Audit and analyze existing CloudTrail logs to identify any unauthorized or suspicious activities.
  8. Based on the findings, take appropriate action to remediate the issue.

Necessary Codes

If necessary, you can use the AWS Command Line Interface (CLI) to audit, analyze, and remediate the policy violations for KMS keys. Here are some relevant commands:

  1. To list all managed policies associated with KMS keys:

     aws kms list-key-policies --key-id <key-id>

  2. To view the policy associated with a particular KMS key:

     aws kms get-key-policy --key-id <key-id> --policy-name <policy-name>

  3. To update the key policy to remove blocked actions:

     aws kms put-key-policy --key-id <key-id> --policy-name <policy-name> --policy <policy-json>

Replace <key-id> with the ID of the KMS key, <policy-name> with the name of the policy, and <policy-json> with the updated policy in JSON format.

Remediation Steps

To remediate the violation of this rule, you need to follow these steps:

  1. Identify the managed policies associated with KMS keys that allow blocked actions.
  2. Analyze the impact of these blocked actions on the security of KMS keys and related resources.
  3. Determine the specific IAM policy or policies that need to be modified.
  4. Update the relevant IAM policy or policies to remove the blocked actions.
  5. Review the policy changes to ensure they comply with FedRAMP Moderate Revision 4 requirements.
  6. Test the updated policies to validate that the blocked actions have been effectively restricted.
  7. Monitor and audit CloudTrail logs to ensure no unauthorized or blocked actions are being performed on KMS keys.
  8. Regularly review and update the IAM policies to maintain compliance and security.

Note: It is recommended to test the policy changes in a non-production environment before applying them to critical resources.

By following these steps and using the provided CLI commands, you can effectively remediate the violation of the managed IAM policies allowing blocked actions on KMS keys for FedRAMP Moderate Revision 4 compliance.
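The steps above (find the policies, identify the blocked actions, update, then test that they are gone) can be turned into a repeatable offline check. The following is an added example written for this page; it is not Cloud Defense's or AWS's code. It assumes a constructed list of blocked action patterns (`kms:Decrypt` and `kms:ReEncryptFrom`; substitute whatever your control configuration actually blocks) and two constructed policy documents, a violating "before" and a remediated "after". It handles the IAM quirks a one-line grep misses: `Action` can be a string or a list, wildcards such as `kms:Re*` or `*` expand to cover blocked actions, action names are case-insensitive, `Deny` statements never violate the rule, and an `Allow` with `NotAction` grants everything it does not list. One caveat on the CLI section: the `aws kms ... key-policy` commands operate on a key's resource policy, whose only policy name is `default`; the managed IAM policies this rule is about are retrieved with `aws iam get-policy-version`, and `findings_from_get_policy_version` below accepts that command's JSON output.

```python
"""Offline check: does an IAM managed-policy document allow blocked KMS actions?

Added example, not Cloud Defense's or AWS's code. Everything marked
'constructed' below is sample data for the demonstration, not real account data.
"""
import fnmatch
import json

# Constructed for this example: action patterns treated as blocked when a
# managed policy grants them. Use your own control's list in practice.
BLOCKED_ACTION_PATTERNS = ["kms:Decrypt", "kms:ReEncryptFrom"]


def _as_list(value):
    """IAM allows Action/NotAction/Resource to be a string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _statements(document):
    """'Statement' may be a single object or a list of objects."""
    stmts = document.get("Statement", [])
    return [stmts] if isinstance(stmts, dict) else list(stmts)


def action_matches(granted, blocked_pattern):
    """True if a granted action (possibly wildcarded: 'kms:Re*', 'kms:*', '*')
    covers a blocked action. IAM compares action names case-insensitively.
    Matching is tried in both directions so a wildcarded blocked pattern
    (e.g. 'kms:Decrypt*') also catches an exact grant."""
    g, b = granted.lower(), blocked_pattern.lower()
    return fnmatch.fnmatchcase(b, g) or fnmatch.fnmatchcase(g, b)


def find_blocked_grants(document, blocked_patterns=BLOCKED_ACTION_PATTERNS):
    """Return one finding per (statement, granted action, blocked pattern).
    Only Effect=Allow statements can violate the rule. An Allow that uses
    NotAction grants every action it does not list, so it is flagged for each
    blocked pattern that the NotAction list fails to exclude."""
    findings = []
    for idx, stmt in enumerate(_statements(document)):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "Statement[%d]" % idx)
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            excluded = _as_list(stmt["NotAction"])
            for blocked in blocked_patterns:
                if not any(action_matches(na, blocked) for na in excluded):
                    findings.append({"sid": sid, "action": "NotAction",
                                     "blocked": blocked, "resource": resources})
            continue
        for action in _as_list(stmt.get("Action")):
            for blocked in blocked_patterns:
                if action_matches(action, blocked):
                    findings.append({"sid": sid, "action": action,
                                     "blocked": blocked, "resource": resources})
    return findings


def findings_from_get_policy_version(cli_json_text, blocked_patterns=BLOCKED_ACTION_PATTERNS):
    """Accept the JSON printed by `aws iam get-policy-version` and check the
    embedded document (found under PolicyVersion.Document)."""
    payload = json.loads(cli_json_text)
    return find_blocked_grants(payload["PolicyVersion"]["Document"], blocked_patterns)


# Constructed sample: the violating 'before' document. 'kms:Re*' covers
# kms:ReEncryptFrom and 'kms:Decrypt' is granted outright; the Deny is ignored.
VIOLATING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowKmsWide", "Effect": "Allow",
         "Action": ["kms:Describe*", "kms:Re*", "kms:Decrypt"], "Resource": "*"},
        {"Sid": "S3Read", "Effect": "Allow",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyKmsAdmin", "Effect": "Deny", "Action": "kms:*", "Resource": "*"},
    ],
}

# Constructed sample: the remediated 'after' document with the blocked actions
# removed and only enumerated read-only KMS actions left.
REMEDIATED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "KmsReadOnly", "Effect": "Allow",
         "Action": ["kms:DescribeKey", "kms:ListKeys", "kms:GetKeyRotationStatus"],
         "Resource": "*"},
        {"Sid": "S3Read", "Effect": "Allow",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

if __name__ == "__main__":
    for name, doc in (("before", VIOLATING_POLICY), ("after", REMEDIATED_POLICY)):
        hits = find_blocked_grants(doc)
        print("%s: %d blocked grant(s)" % (name, len(hits)))
        for hit in hits:
            print("  %s grants %s (blocked pattern %s) on %s"
                  % (hit["sid"], hit["action"], hit["blocked"], hit["resource"]))
```

Running the script reports two blocked grants in the "before" document (`kms:Re*` and `kms:Decrypt`, both in `AllowKmsWide`) and none in the "after" document, which is the check step 6 of the remediation list asks for. To audit real policies, feed the output of `aws iam get-policy-version --policy-arn <arn> --version-id <id>` into `findings_from_get_policy_version` for each customer-managed policy returned by `aws iam list-policies --scope Local`.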
