Aqua CSPM

KMS User Separation

Quick Info

Plugin Title: KMS User Separation
Cloud: GOOGLE
Category: IAM
Description: Ensures that no users have the KMS admin role and any one of the CryptoKey roles.
More Info: Ensuring that no users have the KMS admin role and any one of the CryptoKey roles follows separation of duties, where no user should have access to resources outside the scope of their duties.
GOOGLE Link: https://cloud.google.com/iam/docs/overview
Recommended Action: Ensure that no service accounts have both the KMS admin role and any of the CryptoKey roles attached.

Detailed Remediation Steps