AWS Key Management Service (kms)

2024-04-17

2 new actions, 1 new condition | 1 updated action

Additions

Actions

ListKeyRotations
- Description: Controls permission to view the list of completed key rotations for an AWS KMS key
- Access: List
- Resources:
  Name: key
  
  Required: Yes
- Conditions:
  kms:CallerAccount
  
  kms:ViaService
RotateKeyOnDemand
- Description: Controls permission to invoke on-demand rotation of the cryptographic material in an AWS KMS key
- Access: Write
- Resources:
  Name: key
  
  Required: Yes
- Conditions:
  kms:CallerAccount
  
  kms:ViaService

Conditions

kms:RotationPeriodInDays
- Description: Filters access to the EnableKeyRotation operation based on the value of the RotationPeriodInDays parameter in the request
- Type: Numeric

Updates

Actions

EnableKeyRotation
- ＋ kms:RotationPeriodInDays