AWS Key Management Service (kms)

2021-06-18

3 new actions, 4 new conditions | 1 updated action

Additions

    Actions
  • ReplicateKey
    • Description:  Controls permission to replicate a multi-Region primary key
    • Access:  Write
    • Resources: key (Required: Yes)
    • Conditions: kms:CallerAccount, kms:ReplicaRegion, kms:ViaService
    • Dependents: kms:CreateKey

  • SynchronizeMultiRegionKey
    • Description:  Controls access to internal APIs that synchronize multi-Region keys
    • Access:  Write
    • Resources: key (Required: Yes)

  • UpdatePrimaryRegion
    • Description:  Controls permission to update the primary Region of a multi-Region primary key
    • Access:  Write
    • Resources: key (Required: Yes)
    • Conditions: kms:CallerAccount, kms:PrimaryRegion, kms:ViaService

    Conditions
  • kms:MultiRegion
    • Description:  Filters access to an API operation based on the MultiRegion property of the CMK created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a CMK resource
    • Type:  Bool
  • kms:MultiRegionKeyType
    • Description:  Filters access to an API operation based on the MultiRegionKeyType property of the CMK created by or used in the operation. Use it to qualify authorization of the CreateKey operation or any operation that is authorized for a CMK resource
    • Type:  String
  • kms:PrimaryRegion
    • Description:  Filters access to the UpdatePrimaryRegion operation based on the value of the PrimaryRegion parameter in the request
    • Type:  String
  • kms:ReplicaRegion
    • Description:  Filters access to the ReplicateKey operation based on the value of the ReplicaRegion parameter in the request
    • Type:  String

Updates

    Actions
  • CreateKey
      Conditions
    • + kms:MultiRegion
    • + kms:MultiRegionKeyType