Policy: GCP > KMS > Crypto Key > Policy > Trusted Access
Check or Enforce access checking on the GCP KMS Crypto Key policy.
Google Cloud IAM allows you to control who has access to the kms crypto key via an IAM Policy. The Trusted Access policy allows you to configure whether Guardrails will evaluate or enforce restrictions on which members are allowed to be granted access.
If enabled, the members in the IAM policy will be evaluated against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Domains, Trusted Access > Groups, etc).
If set to "Enforce: Trusted Access > *", access to non-trusted members will be removed.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Policy Packs
This policy setting is used by the following policy packs:
- GCP CIS v2.0.0 - Section 1 - Identity and Access Management
- Enforce GCP KMS Crypto Keys Are Not Publicly Accessible
Policy Specification
Schema Type |
|
---|---|
Default |
|
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/securityTrustedAccess
- tmod:@turbot/gcp-kms#/policy/types/cryptoKeyPolicyTrustedAccess
- turbot graphql policy-type --id "tmod:@turbot/gcp-kms#/policy/types/cryptoKeyPolicyTrustedAccess"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-kms#/policy/types/cryptoKeyPolicyTrustedAccess"
Get Policy TypeGet Policy Settings