You're reading from AWS Security Cookbook Practical solutions for securing AWS cloud infrastructure with essential services and best practices

Product type Paperback

Published in Oct 2024

Last Updated in Feb 2025

Publisher Packt

ISBN-13 9781835081891

Length 428 pages

Edition 2nd Edition

Concepts

Cloud Security

Author (1):

Kanikathottu

View More author details

Table of Contents (13) Chapters

Preface

1. Chapter 1: Setting Up AWS Accounts and Organization

2. Chapter 2: Access Management with IAM Policies and Roles FREE CHAPTER

3. Chapter 3: Key Management with KMS and CloudHSM

4. Chapter 4: Securing Data on S3 with Policies and Techniques

5. Chapter 5: Network and EC2 Security with VPCs

6. Chapter 6: Web Security Using Certificates, CDNs, and Firewalls

7. Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config

8. Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer

9. Chapter 9: Advanced Identity and Directory Management

10. Chapter 10: Additional Services and Practices for AWS Security

11. Index

Why subscribe?

12. Other Books You May Enjoy

Using key policies with conditional keys

In this recipe, we will learn how to use key policies, especially with conditions. Resource-based policies for KMS keys are called key policies. When managing access to KMS resources, we can use key policies alone, or we can use IAM policies and grants along with key policies. Unlike other resource-based policies such as bucket policies, which are not mandatory, key policies are mandatory to manage and use keys. When a key is created, a default key policy is created by AWS, as we saw in the Creating keys in KMS recipe.

Getting ready

We’ll need the following to complete this recipe:

A working AWS account, awsseccb-sandbox-1, and a user, awsseccbadmin1, as described in the Technical requirements section.
An S3 bucket created in the us-east-1 region. I will use a bucket called awssecuritykmsbucket.