Copilot deploys two IAM roles that are triggering the above alert in Security Hub which has medium severity. The roles are:
EnvManagerRole
CFNExecutionRole
Can this be addressed in future releases so that this isn't a security concern?
Thanks,
Andre
[KMS.2] Checks whether the inline policies embedded in your IAM principals (Role/User/Group) allow the AWS Key Management Service (KMS) decryption actions on all KMS keys. This control fails if kms:Decrypt or kms:ReEncryptFrom actions are allowed on all KMS keys in an inline policy.
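The KMS.2 condition quoted above can be approximated locally against an inline policy document before deployment. This is an added example, not code from Copilot or Security Hub: the sample policies, account id and key id are constructed, and treating `*` and `arn:aws:kms:...:key/*` as "all KMS keys" while ignoring `Condition`, `NotAction` and `NotResource` is an assumption.

```python
from fnmatch import fnmatchcase

# Actions named in the KMS.2 description.
BLOCKED = ("kms:Decrypt", "kms:ReEncryptFrom")

def _as_list(value):
    # IAM allows a single value or a list for Statement, Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _covers_all_keys(resource):
    # Assumption: "all KMS keys" means "*" or a key ARN with a bare wildcard key id.
    return resource == "*" or (
        resource.startswith("arn:aws:kms:") and resource.endswith(":key/*"))

def findings(policy):
    """Return sorted (statement id, blocked action) pairs allowed on all keys."""
    out = set()
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_covers_all_keys(r) for r in _as_list(stmt.get("Resource"))):
            continue
        for pattern in _as_list(stmt.get("Action")):
            for blocked in BLOCKED:
                # IAM action names are case-insensitive and may contain wildcards.
                if fnmatchcase(blocked.lower(), pattern.lower()):
                    out.add((stmt.get("Sid", f"#{i}"), blocked))
    return sorted(out)

# Constructed sample policies (not taken from the roles named in the issue).
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Secrets", "Effect": "Allow",
    "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Secrets", "Effect": "Allow",
    "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
    "Resource": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"}]}
WILDCARD = {"Version": "2012-10-17", "Statement": {
    "Sid": "Admin", "Effect": "Allow", "Action": "kms:*", "Resource": "*"}}

if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED), ("WILDCARD", WILDCARD)):
        print(name, findings(doc) or "no finding")
```

Scoping `Resource` to specific key ARNs, as in `SCOPED`, is the change that clears the finding in this sketch.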