AWS Key Management Service (kms)

2022-04-21

2 new actions, 1 new condition

Additions

Actions

GenerateMac
- Description: Controls permission to use the AWS KMS key to generate message authentication codes
- Access: Write
- Resources:
  Name: key
  
  Required: Yes
- Conditions:
  kms:CallerAccount
  
  kms:MacAlgorithm
  
  kms:RequestAlias
  
  kms:ViaService
VerifyMac
- Description: Controls permission to use the AWS KMS key to verify message authentication codes
- Access: Write
- Resources:
  Name: key
  
  Required: Yes
- Conditions:
  kms:CallerAccount
  
  kms:MacAlgorithm
  
  kms:RequestAlias
  
  kms:ViaService

Conditions

kms:MacAlgorithm
- Description: Filters access to the GenerateMac and VerifyMac operations based on the MacAlgorithm parameter in the request
- Type: String