
cloudonaut

#085 Losing trust in KMS

Feb 1, 2024
Andreas and Michael are losing trust in KMS due to a key policy privilege escalation. They discuss the limitations of AWS Management Console and the potential integration with AWS Marketplace solutions. Additionally, they highlight AWS news, including support for reserved capacity in CodeBuild and new encryption mechanisms for containers in AWS.
32:40

Podcast summary created with Snipd AI

Quick takeaways

  • KMS key policy privilege escalation raises concerns about the trustworthiness of AWS's encryption service.
  • Limited ability to customize the UI hinders developers and partners from creating a more personalized user experience on AWS.

Deep dives

Key Policy and Access Control in AWS KMS

AWS KMS offers two types of keys: customer managed keys and AWS managed keys (the built-in default keys). The main difference is that customer managed keys have an editable key policy, which gives more control. That control cuts both ways: if a change to the key policy accidentally locks everyone out, recovering from it can be problematic, because there is no built-in recovery mechanism comparable to the waiting period that protects against key deletion. Additionally, it has been discovered that modifying the key policy can grant unauthorized access, highlighting potential risks and concerns. This raises questions about the effectiveness and trustworthiness of KMS as an encryption service.
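The two failure modes described above (locking yourself out of a key, and a policy change that hands out more access than intended) can both be caught before a policy is applied. The following is an added example, not code from the cloudonaut episode or from AWS: a small offline audit that inspects a KMS key policy document and reports whether the account root still keeps administrative rights on the key, and whether any Allow statement names a wildcard or foreign-account principal. The account id, the policy documents and the role names are constructed sample values.

```python
"""Added example (not from the cloudonaut episode): pre-apply audit for AWS KMS key policies.

Two checks a defender wants before calling kms:PutKeyPolicy:
  1. LOCKOUT_RISK   - no Allow statement grants the account root kms:* (or at least
                      kms:PutKeyPolicy), so IAM policies in the account can no longer
                      manage the key and nobody can fix the policy later;
  2. PUBLIC_PRINCIPAL / CROSS_ACCOUNT - an Allow statement names "*" without a
                      Condition, or a principal outside this account.
All identifiers below are constructed samples, not real accounts or policies.
"""
import json

ACCOUNT_ID = "111122223333"  # assumed account id for the sample policies


def _as_list(value):
    """Normalise a policy field that may be a single string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(statement):
    """Return the AWS principals named by a statement as a flat list of strings."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS"))


def _same_account(principal):
    """True if the principal string belongs to ACCOUNT_ID (bare id or ARN form)."""
    return principal == ACCOUNT_ID or f":{ACCOUNT_ID}:" in principal


def _grants_admin_to_account(statement):
    """True if this statement keeps the account root (and thus IAM policies) in control of the key."""
    if statement.get("Effect") != "Allow":
        return False
    if f"arn:aws:iam::{ACCOUNT_ID}:root" not in _principals(statement):
        return False
    actions = _as_list(statement.get("Action"))
    return "kms:*" in actions or "kms:PutKeyPolicy" in actions


def audit_key_policy(policy_document):
    """Return a list of finding strings ("CODE: detail"); an empty list means no findings."""
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = _as_list(policy.get("Statement"))
    findings = []

    if not any(_grants_admin_to_account(s) for s in statements):
        findings.append("LOCKOUT_RISK: no Allow statement grants kms:* or kms:PutKeyPolicy "
                        f"to arn:aws:iam::{ACCOUNT_ID}:root")

    for s in statements:
        if s.get("Effect") != "Allow":
            continue
        sid = s.get("Sid", "<no Sid>")
        has_condition = bool(s.get("Condition"))
        for p in _principals(s):
            if p == "*" and not has_condition:
                findings.append(f"PUBLIC_PRINCIPAL: statement {sid} allows Principal '*' without a Condition")
            elif p != "*" and not _same_account(p):
                findings.append(f"CROSS_ACCOUNT: statement {sid} grants access to foreign principal {p}")
    return findings


# Constructed sample policies (not real policies from any account).
ROOT_ADMIN = {"Sid": "EnableIAMUserPermissions", "Effect": "Allow",
              "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
              "Action": "kms:*", "Resource": "*"}
APP_USE = {"Sid": "AllowAppRole", "Effect": "Allow",
           "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:role/AppRole"},
           "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"}

GOOD_POLICY = {"Version": "2012-10-17", "Statement": [ROOT_ADMIN, APP_USE]}
# Only the application role is allowed: applying this locks the account's administrators out.
LOCKOUT_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [APP_USE]})
# Root keeps control, but the key is readable by anyone and by a foreign account.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    ROOT_ADMIN,
    {"Sid": "AllowAnyone", "Effect": "Allow", "Principal": "*",
     "Action": "kms:Decrypt", "Resource": "*"},
    {"Sid": "Partner", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::999988887777:root"},
     "Action": "kms:Decrypt", "Resource": "*"},
]}


def finding_codes(policy_document):
    """Just the finding codes, in the order they were raised."""
    return [f.split(":", 1)[0] for f in audit_key_policy(policy_document)]


if __name__ == "__main__":
    for name, doc in [("good", GOOD_POLICY), ("lockout", LOCKOUT_POLICY), ("broad", BROAD_POLICY)]:
        print(name, audit_key_policy(doc) or "no findings")
```

Run this over the policy document in a deployment pipeline and refuse to call `kms:PutKeyPolicy` when any finding is returned; the `LOCKOUT_RISK` check is the one that matters most, since the page's point is that there is no self-service way back once administrators have been removed from the policy.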
