Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Manage AWS KMS Access

0

Being an AWS Administrator I want to avoid giving AWS KMS Access to developers. Is there a work around or some automated process that we can follow incase we don't want to give AWS KMS access to developers even if they are using KMS keys in there code.

Any suggestions or ideas are highly appreciated !!

Argomenti
Sicurezza, identità e conformità
Tag
Servizio di gestione delle chiavi AWS
Lingua
English
Ravi Shanker
posta un anno fa307 visualizzazioni
1 Risposta
0

Hi,

have a read at this: https://repost.aws/knowledge-center/share-kms-account.

The basic idea would be to get to order KMS keys from a central account managed by - let’s say - operations team and not accessible to developers.

This account will store keys and will contain KMS policies that would allow the team to use the key in their account, which can be changed by developers only by approval of ops team.

KMS keys will be shared across accounts so you can get their ARN and use it.

Hope it helps ;)

profile picture
ESPERTO
Antonio_Lagrotteria
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente