AWS Key Management Service (kms)

Additions

Actions

• DeriveSharedSecret
  
  • Description:  Controls permission to use the specified AWS KMS key to derive shared secrets
  • Access:  Write
  • Resources: 

    Name: key

    Required: Yes

  • Conditions: 

    kms:CallerAccount

    kms:KeyAgreementAlgorithm

    kms:RecipientAttestation:ImageSha384

    kms:RequestAlias

    kms:ViaService

Conditions

• kms:KeyAgreementAlgorithm
  
  • Description:  Filters access to the DeriveSharedSecret operation based on the value of the KeyAgreementAlgorithm parameter in the request
  • Type:  String