An IAM policy that allows the 'kms:Decrypt' and 'kms:ReEncryptFrom' actions on all keys violates the principle of least privilege. This can allow misuse of KMS keys, leading to unauthorized access and sensitive data exposure.
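The check described above can be run against a policy document before it is deployed. The following is an added example, not part of the original page or of any AWS or Terraform tooling. The function name `find_overbroad_kms_statements` and the sample policies are constructed for illustration, and it assumes "all keys" means a `Resource` of `*` or a KMS key ARN whose key ID is `*`.

```python
import json
from fnmatch import fnmatchcase

SENSITIVE = ("kms:Decrypt", "kms:ReEncryptFrom")

# Constructed sample policies (account ID and key ID are placeholders).
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"},
    {"Effect": "Allow", "Action": "kms:*", "Resource": "arn:aws:kms:*:*:key/*"},
]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["kms:Decrypt", "kms:ReEncryptFrom"],
    "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
}})


def _as_list(value):
    # IAM allows Statement, Action and Resource to be a single item or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _covers_all_keys(resource):
    # Assumption: "*" or a key ARN ending in ":key/*" means "all keys".
    return resource == "*" or (
        resource.startswith("arn:aws:kms:") and resource.endswith(":key/*"))


def find_overbroad_kms_statements(policy_json):
    """Return (statement index, matched actions) for each Allow statement that
    grants kms:Decrypt or kms:ReEncryptFrom on all keys.
    NotAction and NotResource are not evaluated by this check."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_covers_all_keys(r) for r in _as_list(stmt.get("Resource"))):
            continue
        # Action names are case-insensitive and may contain wildcards (kms:*).
        matched = sorted({s for s in SENSITIVE
                          for pattern in _as_list(stmt.get("Action"))
                          if fnmatchcase(s.lower(), pattern.lower())})
        if matched:
            findings.append((idx, matched))
    return findings


if __name__ == "__main__":
    print(find_overbroad_kms_statements(BROAD))
    print(find_overbroad_kms_statements(SCOPED))
```

The scoped policy passes because its `Resource` names one key ARN, which is the form the fix takes.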
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/service_code_examples_iam.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy