AWS Key Management Service (kms)

2022-03-04

2 new conditions | 4 updated actions, 1 updated resource

Additions

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access to the specified AWS KMS operations based on both the key and value of the tag in the request
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access to the specified AWS KMS operations based on tag keys in the request
    • Type:  ArrayOfString

Updates

    Actions
  • CreateGrant
      Conditions
    • + kms:EncryptionContext:${EncryptionContextKey}
    • + kms:EncryptionContextKeys
    • + kms:GranteePrincipal
    • + kms:GrantOperations
    • + kms:RetiringPrincipal
  • CreateKey
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
    • + kms:KeySpec
    • + kms:KeyUsage
    • + kms:KeyOrigin
    • + kms:MultiRegion
    • + kms:MultiRegionKeyType
  • TagResource
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
  • UntagResource
      Conditions
    • + aws:TagKeys
    Resources
  • key
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + kms:KeyOrigin
    • + kms:KeySpec
    • + kms:KeyUsage
    • + kms:MultiRegion
    • + kms:MultiRegionKeyType
    • + kms:ResourceAliases