By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

IAM Policies

Allow a User to Encrypt and Decrypt with Any CMK in a Specific AWS Account and Region

An IAM policy that allows IAM users o successfully request that AWS KMS encrypt and decrypt data with any CMK in the specified AWS account and region.

Premium: 15-minute comprehensive assessment for your AWS Organization and Accounts
Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:::key/*"
            ],
            "Effect": "Allow"
        }
    ]
}

Actions



Customize Template

Policy Parameters

* Required field