Policy: GCP > KMS > Key Ring > Policy > Trusted Access
Check or Enforce access checking on the GCP KMS Key Ring policy.
Google Cloud IAM allows you to control who has access to the kms key ring via an IAM Policy. The Trusted Access policy allows you to configure whether Guardrails will evaluate or enforce restrictions on which members are allowed to be granted access.
If enabled, the members in the IAM policy will be evaluated against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Domains, Trusted Access > Groups, etc).
If set to "Enforce: Trusted Access > *", access to non-trusted members will be removed.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Policy Specification
Schema Type |
|
---|---|
Default |
|
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/securityTrustedAccess
- tmod:@turbot/gcp-kms#/policy/types/keyRingPolicyTrustedAccess
- turbot graphql policy-type --id "tmod:@turbot/gcp-kms#/policy/types/keyRingPolicyTrustedAccess"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-kms#/policy/types/keyRingPolicyTrustedAccess"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI