AWS Key Management Service (kms)

2022-04-21

2 new actions, 1 new condition

Additions

    Actions
  • GenerateMac
    • Description: Controls permission to use the AWS KMS key to generate message authentication codes
    • Access: Write
    • Resources:
      • Name: key, Required: Yes
    • Conditions:
      • kms:CallerAccount
      • kms:MacAlgorithm
      • kms:RequestAlias
      • kms:ViaService

  • VerifyMac
    • Description: Controls permission to use the AWS KMS key to verify message authentication codes
    • Access: Write
    • Resources:
      • Name: key, Required: Yes
    • Conditions:
      • kms:CallerAccount
      • kms:MacAlgorithm
      • kms:RequestAlias
      • kms:ViaService

    Conditions
  • kms:MacAlgorithm
    • Description: Filters access to the GenerateMac and VerifyMac operations based on the MacAlgorithm parameter in the request
    • Type: String