You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -42,9 +42,9 @@ These defines **who can use and access a key in KMS**.
By **default:**
* It gives the **AWS account that owns the KMS key full access** to the KMS key.
* It gives the **IAM of the****AWS account that owns the KMS key access** to manage the access to the KMS key via IAM.
Unlike other AWS resource policies, a AWS **KMS key policy does not automatically give permission to the account or any of its users**. To give permission to account administrators, the **key policy must include an explicit statement** that provides this permission, like this one.
Unlike other AWS resource policies, a AWS **KMS key policy does not automatically give permission any of the principals of the account**. To give permission to account administrators, the **key policy must include an explicit statement** that provides this permission, like this one.
* Without allowing the account(`"AWS": "arn:aws:iam::111122223333:root"`) IAM permissions won't work.
* It **allows the account to use IAM policies** to allow access to the KMS key, in addition to the key policy.
