By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Other

IAM Policies

Allow a User to Encrypt and Decrypt with Specific CMKs

An IAM policy that allows IAM users to successfully request that AWS KMS encrypt and decrypt data with a specific CMK.

AWS Documentation
Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:::key/"
            ],
            "Effect": "Allow"
        }
    ]
}

Actions



Customize Template

Policy Parameters

* Required field