tomwwright / littleorange

Minimalist AWS multi-account cloud leveraging CloudFormation and Lambda.
GNU General Public License v3.0
4 stars, 1 fork

CloudTrail KMS Key should further restrict permissions with Condition kms:EncryptionContext:aws:cloudtrail:arn #9

Open tomwwright opened 4 years ago

tomwwright commented 4 years ago

The condition key kms:EncryptionContext:aws:cloudtrail:arn can be used in a KMS key policy to restrict access from CloudTrail in specific accounts.

https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context

Unsure whether all account IDs need to be listed when using an Organization CloudTrail (the encryption context might always be the master account).
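Worked example of the key-policy change the issue proposes, written as a CloudFormation fragment in the style littleorange uses. This is an added illustration, not code from the repository: the logical ID `CloudTrailKey` and the parameter `LogReaderRoleArn` are hypothetical, and the fragment assumes the trail lives in the same account as the key (`AWS::AccountId`). The weak statement is kept as a comment next to the restricted one so the difference is visible.

```yaml
# Added example (not from the littleorange repository): KMS key policy for CloudTrail
# log encryption, restricted with kms:EncryptionContext:aws:cloudtrail:arn.
# Assumptions: trail and key are in the same account; LogReaderRoleArn is a
# hypothetical parameter naming the role that reads the delivered log files.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LogReaderRoleArn:
    Type: String   # hypothetical: role allowed to decrypt CloudTrail log files
Resources:
  CloudTrailKey:
    Type: AWS::KMS::Key
    Properties:
      Description: CMK for CloudTrail log encryption
      EnableKeyRotation: true
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          # Without this statement the key becomes unmanageable from the account.
          - Sid: EnableRootAccountAdmin
            Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
            Action: kms:*
            Resource: "*"
          # Weak form (what the issue wants to tighten): any trail, in any account,
          # that CloudTrail acts for may generate data keys under this key.
          #
          # - Sid: AllowCloudTrailEncrypt
          #   Effect: Allow
          #   Principal:
          #     Service: cloudtrail.amazonaws.com
          #   Action: kms:GenerateDataKey*
          #   Resource: "*"
          #
          # Restricted form: CloudTrail always puts the trail ARN into the
          # encryption context as aws:cloudtrail:arn, so the condition below only
          # matches trails owned by this account. Replace trail/* with a single
          # trail name to pin it to one trail.
          - Sid: AllowCloudTrailEncrypt
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: kms:GenerateDataKey*
            Resource: "*"
            Condition:
              StringLike:
                kms:EncryptionContext:aws:cloudtrail:arn: !Sub arn:aws:cloudtrail:*:${AWS::AccountId}:trail/*
          # CloudTrail validates the key when the trail is created or updated.
          - Sid: AllowCloudTrailDescribeKey
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: kms:DescribeKey
            Resource: "*"
          # Readers decrypt with the same encryption context, so the same
          # condition can be applied on the Decrypt side as well.
          - Sid: AllowLogReadersDecrypt
            Effect: Allow
            Principal:
              AWS: !Ref LogReaderRoleArn
            Action: kms:Decrypt
            Resource: "*"
            Condition:
              StringLike:
                kms:EncryptionContext:aws:cloudtrail:arn: !Sub arn:aws:cloudtrail:*:${AWS::AccountId}:trail/*
```

On the open question in the issue: the example assumes a single-account trail. For an Organization trail the trail resource is created in the management account, so the ARN CloudTrail writes into the encryption context would be that account's trail ARN; that is an assumption to verify against the CloudTrail documentation before relying on it, and if it holds the condition would name the management account ID rather than every member account.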