senyberg
commented
1 month ago It is possible I have misunderstood what "BypassPolicyLockoutSafetyCheck" does. But otherwise the feature request stands, when giving a key policy, I would like to see a way to not include the default key policy.
Is your feature request related to a problem? Please describe. Currently you cannot bypass the KMS default key policy, which is very broad (allow all for same account). Which means that I cannot create CMK's through LZA with tighter policy.
Describe the feature you'd like Add support for "BypassPolicyLockoutSafetyCheck" (from Cloudformation).