Home › Forums › AWS › AWS Certified Security – Specialty › Section-Based – Data Protection (Security) › Reply To: Section-Based – Data Protection (Security)
-
Hello Zackn,
Thanks for your insights.
Hmm. Interesting. It looks like AWS has reinvented the meaning of the default KMS policy. If you watch this clip (https://www.youtube.com/watch?v=X1eZjXQ55ec&t=1378s) of Matt Bretan from AWS re:invent (2017), he clearly said that the “root” in that Principal does not refer to the root user but rather delegating KMS permissions to IAM.
It appears that the KMS documentation has been updated.
We will look into this and apply the necessary change.
Regards,
Carlo @ Tutorials Dojo
- This reply was modified 3 years, 3 months ago by Carlo-TutorialsDojo.