A proper access policy should be configured for the KMS keys so that only necessary individuals have access. This should follow the policy of least privilege.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/kms/latest/developerguide/security-iam.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key