March 31, 2024, 11:49 p.m. | Matheus Almeida Costa

DEV Community dev.to

The objective of this article is to implement KMS key access security for AWS Identity and Access Management (IAM) identities by changing the default policy when provisioning the resource with Terraform.


This is a practical example, so I recommend first reading this post to better understand the objective of a restricted key policy.


Note: This article uses the AWS account ID 123456789012 and existing roles named TERRAFORM, ADMIN and ANALYST. Replace these values with the ones for your environment.


The …
