Plugin Title | KMS Key Policy |
Cloud | AWS |
Category | KMS |
Description | Validates the KMS key policy to ensure least-privilege access. |
More Info | KMS key policies should be designed to limit the number of users who can perform encrypt and decrypt operations. Each application should use its own key to avoid overexposure. |
AWS Link | http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html |
Recommended Action | Modify the KMS key policy to remove any wildcards and limit the number of users and roles that can perform encrypt and decrypt operations using the key. |
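
The check described above can be sketched as follows. This is an added example, not the plugin's own code: it scans a key policy document for wildcard principals, wildcard actions that cover encrypt or decrypt, and statements naming many principals. The `max_principals` threshold, the finding labels, the sample policies, the account ID and the role names are all assumptions made for illustration.

```python
import fnmatch

CRYPTO_ACTIONS = ("kms:encrypt", "kms:decrypt")  # operations the page singles out

def _as_list(value):
    # IAM policy JSON allows a bare string wherever a list is accepted.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    p = stmt.get("Principal")
    if isinstance(p, dict):  # {"AWS": [...], "Service": ...}
        return [x for v in p.values() for x in _as_list(v)]
    return _as_list(p)       # bare "*"

def _grants_crypto(action):
    # True for kms:Encrypt / kms:Decrypt and any pattern covering them (kms:*, *, kms:Decr*).
    return any(fnmatch.fnmatchcase(c, action.lower()) for c in CRYPTO_ACTIONS)

def audit_key_policy(policy, max_principals=2):
    """Return (Sid, finding) pairs for Allow statements covering encrypt/decrypt.
    max_principals is an arbitrary threshold chosen for this example."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        actions = [a for a in _as_list(stmt.get("Action")) if _grants_crypto(a)]
        if stmt.get("Effect") != "Allow" or not actions:
            continue
        sid, principals = stmt.get("Sid", "<no Sid>"), _principals(stmt)
        if any("*" in a or "?" in a for a in actions):
            findings.append((sid, "wildcard-action"))
        # Assumption: a "*" principal narrowed by a Condition block is not reported.
        if "*" in principals and "Condition" not in stmt:
            findings.append((sid, "wildcard-principal"))
        if len(principals) > max_principals:
            findings.append((sid, "too-many-principals"))
    return findings

# Constructed sample policies. In a key policy, "Resource": "*" means the key itself.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAll", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "kms:*", "Resource": "*"}]}
TIGHT = {"Version": "2012-10-17", "Statement": [
    {"Sid": "KeyAdmin", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleKeyAdmin"},
     "Action": ["kms:DescribeKey", "kms:PutKeyPolicy"], "Resource": "*"},
    {"Sid": "AppCrypto", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleAppRole"},
     "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"}]}

if __name__ == "__main__":
    print(audit_key_policy(WEAK), audit_key_policy(TIGHT))
```

The `TIGHT` policy shows the shape the recommended action points to: one application role holding only the encrypt and decrypt actions, with key administration granted separately and without wildcards.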