AWS Key Management Service (kms)

2022-01-12

2 new conditions | 9 updated actions

Additions

    Conditions
  • kms:EncryptionContext:${EncryptionContextKey}
    • Description:  Filters access to a symmetric AWS KMS key based on the encryption context in a cryptographic operation. This condition evaluates the key and value in each key-value encryption context pair.
    • Type:  String
  • kms:RecipientAttestation:ImageSha384
    • Description:  Filters access to the Decrypt, GenerateDataKey, and GenerateRandom operations based on the image hash in the attestation document in the request.
    • Type:  String

Updates

    Actions
  • Decrypt
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
    • + kms:RecipientAttestation:ImageSha384
  • Encrypt
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
  • GenerateDataKey
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
    • + kms:RecipientAttestation:ImageSha384
  • GenerateDataKeyPair
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
  • GenerateDataKeyPairWithoutPlaintext
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
  • GenerateDataKeyWithoutPlaintext
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
  • ReEncryptFrom
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
  • ReEncryptTo
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
  • GenerateRandom
      Conditions
    • + kms:RecipientAttestation:ImageSha384