#security - September 2022

Anyone using this solution? It's free apparently. Surprised I hadn't heard of it. I'm mostly familiar with OPA
Checkmarx Infra as Code Scanning https://checkmarx.com/product/opensource/kics-open-source-infrastructure-as-code-project/

Hi all, I created a kms key for encrypted sns topics. Is this policy secure enough ?

EncryptionKey:
DeletionPolicy: Delete
Type: AWS::KMS::Key
Properties:
KeyPolicy:
Version: 2012-10-17
Id: !Ref AWS::StackName
Statement:
- Effect: Allow
Principal:
AWS:
- !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
Action: 'kms:*'
Resource: '*'
- Effect: Allow
Principal:
Service:
- cloudwatch.amazonaws.com
Action:
- 'kms:Decrypt'
- 'kms:GenerateDataKey*'
Resource: '*'
EnableKeyRotation: true