diff --git a/en/aws/kms/kms-key-policy.md b/en/aws/kms/kms-key-policy.md index 554dadcbc..5d9b6b1d7 100644 --- a/en/aws/kms/kms-key-policy.md +++ b/en/aws/kms/kms-key-policy.md @@ -15,14 +15,14 @@ | **Recommended Action** | Modify the KMS key policy to remove any wildcards and limit the number of users and roles that can perform encrypt and decrypt operations using the key. | ## Detailed Remediation Steps -1. Log into the AWS Management Console. +1. Log in to the AWS Management Console. 2. Select the "Services" option and search for KMS.
3. Scroll down the left navigation panel and choose "Customer managed keys" under "Key Management Service".
-4. Select the "KMS key" that needs to be verified.
+4. Select the "KMS key" that needs to be verified. Click on the Alias of the selected KMS key to reach its configuration page.
5. On the "Customer managed keys" page scroll down and on the "Key policy" tab click on the "Switch to policy view" button.
6. In the "key policy" tab if the "Principal" element value is set to ("AWS" : * ) and there are no Condition clauses to filter the access then the selected "KMS policy" is using wildcards.
-7. Repeat step number 2 - 6 to verify other "KMS key" in the region.
-8. Navigate to "Customer Managed Keys" under "Key Management Service" and select the "KMS key" that needs to modify to restrict the he number of users and roles that can perform encrypt and decrypt operation and have any wildcards.
+7. Repeat step number 2 - 6 to verify other KMS keys in the region.
+8. Navigate to "Customer Managed Keys" under "Key Management Service" and select the "KMS key" that needs to modify to restrict the number of users and roles that can perform encrypt and decrypt operation and have any wildcards.
9. On the "Customer managed keys" page scroll down and on the "Key policy" tab click on the "Switch to policy view" button and replace the "Everyone" grantee ("AWS" : * ) from the Principal element value with an "AWS account ID" or "AWS ARN" and click on the "Save" changes button.
-10. Restrict the number of users and roles that can use the selected "KMS key" for encrypt and decrypt operations by making each application should use its own key .
+10. Restrict the number of users and roles that can use the selected "KMS key" for encrypt and decrypt operations by making each application should use its own key.
11. Repeat steps number 7 - 10 to modify the "KMS key" policy of other "KMS keys" in the selected region.
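Review bot: the rewritten step 10 line still carries the original grammatical error: `+10. Restrict the number of users and roles ... by making each application should use its own key.` only drops the stray space before the period; suggest `by giving each application its own key` (or `by ensuring each application uses its own key`). Two smaller points in the same hunk: the new step 8 line keeps `the "KMS key" that needs to modify`, which should read `needs to be modified`; and the unchanged step 11 says `Repeat steps number 7 - 10` although the modification procedure starts at step 8 (step 7 is the verification repeat), so `Repeat steps 8 - 10` would match the numbering and the `2 - 6` range used in step 7.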
diff --git a/resources/aws/kms/kms-key-policy/step2.png b/resources/aws/kms/kms-key-policy/step2.png index a99e4a368..d2cb78539 100644 Binary files a/resources/aws/kms/kms-key-policy/step2.png and b/resources/aws/kms/kms-key-policy/step2.png differ diff --git a/resources/aws/kms/kms-key-policy/step3.png b/resources/aws/kms/kms-key-policy/step3.png index fb03ce4b9..ae1286ab7 100644 Binary files a/resources/aws/kms/kms-key-policy/step3.png and b/resources/aws/kms/kms-key-policy/step3.png differ diff --git a/resources/aws/kms/kms-key-policy/step4.png b/resources/aws/kms/kms-key-policy/step4.png index ae5123593..4ac9a9ac9 100644 Binary files a/resources/aws/kms/kms-key-policy/step4.png and b/resources/aws/kms/kms-key-policy/step4.png differ diff --git a/resources/aws/kms/kms-key-policy/step5.png b/resources/aws/kms/kms-key-policy/step5.png index db5561fa0..3a7e6a0e2 100644 Binary files a/resources/aws/kms/kms-key-policy/step5.png and b/resources/aws/kms/kms-key-policy/step5.png differ diff --git a/resources/aws/kms/kms-key-policy/step8.png b/resources/aws/kms/kms-key-policy/step8.png index 1e9abe20c..6b95bf7b2 100644 Binary files a/resources/aws/kms/kms-key-policy/step8.png and b/resources/aws/kms/kms-key-policy/step8.png differ