Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible

It is recommended that the IAM policy on Cloud KMS cryptokeys should restrict anonymous and/or public access. Granting permissions to allUsers or allAuthenticatedUsers allows anyone to access the dataset. Such access might not be desirable if sensitive data is stored at the location. In this case, ensure that anonymous and/or public access to a Cloud KMS cryptokey is not allowed. Impact Statement- Removing the binding for allUsers and allAuthenticatedUsers members denies accessing cryptokeys to anonymous or public users.