Plugin Title KMS User Separation
Cloud GOOGLE
Category IAM
Description Ensures that no users have the KMS admin role and any one of the CryptoKey roles.
More Info Ensuring that no users have the KMS admin role and any one of the CryptoKey roles follows separation of duties, where no user should have access to resources out of the scope of duty.
AWS Link https://cloud.google.com/iam/docs/overview
Recommended Action Ensure that no service accounts have both the KMS admin role and any of CryptoKey roles attached.


Detailed Remediation Steps

Want to scan for this risk automatically?

Get Started Now