Open pabhermoso opened 3 months ago
Describe the feature
When building the Encryption Stack, there is an overly permissive role for the logs:
{
  "Action": [
    "kms:Decrypt",
    "kms:Encrypt",
    "kms:GenerateDataKey",
    "kms:ReEncrypt"
  ],
  "Effect": "Allow",
  "Principal": {
    "Service": "logs.eu-west-1.amazonaws.com"
  },
  "Resource": "*"
}
Use Case
Detail for security least privilege.
Proposed Solution
No response
Other Information
No response
Acknowledgements
Environment details (OS name and version, etc.)
CDK
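
One way to check for the grant described in this issue, as an added example (not code from the issue or from the project): AWS's documented key policy for CloudWatch Logs limits the service principal with a `kms:EncryptionContext:aws:logs:arn` condition, and this Python check flags statements that lack it. The function names are hypothetical, and the account ID and log group prefix in the scoped statement are constructed placeholders.

```python
# Condition key carrying the log group ARN that CloudWatch Logs passes as
# encryption context on its KMS calls.
LOGS_CONTEXT_KEY = "kms:EncryptionContext:aws:logs:arn"
ARN_OPERATORS = ("ArnEquals", "ArnLike")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_logs_service(statement):
    """True when the statement's principal is a regional CloudWatch Logs service."""
    principal = statement.get("Principal", {})
    if not isinstance(principal, dict):  # e.g. "Principal": "*"
        return False
    services = _as_list(principal.get("Service", []))
    return any(s.startswith("logs.") and s.endswith(".amazonaws.com") for s in services)


def unscoped_logs_grant(statement):
    """True when an Allow for the Logs service principal is not tied to
    specific log group ARNs through the encryption context condition."""
    if statement.get("Effect") != "Allow" or not is_logs_service(statement):
        return False
    condition = statement.get("Condition", {})
    for op in ARN_OPERATORS:
        arns = _as_list(condition.get(op, {}).get(LOGS_CONTEXT_KEY, []))
        if arns and "*" not in arns:
            return False  # limited to named log groups
    return True


def audit(policy):
    """Indexes of the statements in a key policy that should be narrowed."""
    return [i for i, s in enumerate(_as_list(policy["Statement"])) if unscoped_logs_grant(s)]


# Statement as posted in the issue.
ISSUE_STATEMENT = {
    "Action": ["kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey", "kms:ReEncrypt"],
    "Effect": "Allow",
    "Principal": {"Service": "logs.eu-west-1.amazonaws.com"},
    "Resource": "*",
}
# Constructed: the same grant limited to log groups under a placeholder
# prefix in a placeholder account.
SCOPED_STATEMENT = dict(ISSUE_STATEMENT, Condition={"ArnLike": {
    LOGS_CONTEXT_KEY: "arn:aws:logs:eu-west-1:111122223333:log-group:/example/*"}})
```

`audit()` takes a parsed key policy document, for instance the key policy from the synthesized CloudFormation template.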