Granting permissions to create a KMS key - Amazon CloudTrail

Granting permissions to create a KMS key

You can grant users permission to create an Amazon KMS key with the AWSKeyManagementServicePowerUser policy.

To grant permission to create a KMS key
  1. Open the IAM console at https://console.amazonaws.cn/iam/.

  2. Choose the group or user that you want to give permission to.

  3. Choose Permissions, and then choose Attach Policy.

  4. Search for AWSKeyManagementServicePowerUser, choose the policy, and then choose Attach policy.

    The user now has permission to create a KMS key. If you want to create custom policies for your users, see Creating Customer Managed Policies in the IAM User Guide.
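
The same procedure from the command line, as an added example that is not part of the original AWS documentation. It assumes the AWS CLI is installed and that the caller is allowed to attach IAM policies; the script name `grant-kms-create.sh` and the function names are hypothetical. The partition is read from the caller's ARN because in the China Regions the managed policy ARN begins with `arn:aws-cn` rather than `arn:aws`.

```bash
#!/usr/bin/env bash
# Attach AWSKeyManagementServicePowerUser to an IAM user or group, then confirm it.
# Usage (hypothetical script name): ./grant-kms-create.sh user|group NAME
set -eu

POLICY_NAME="AWSKeyManagementServicePowerUser"

# Print the partition (aws, aws-cn, aws-us-gov) taken from the second field of an ARN.
partition_from_arn() {
  local partition
  partition="$(printf '%s' "$1" | cut -d: -f2)"
  case "$partition" in
    aws|aws-cn|aws-us-gov) printf '%s\n' "$partition" ;;
    *) echo "unrecognized partition in ARN: $1" >&2; return 1 ;;
  esac
}

# AWS managed policies use the literal account field "aws" in every partition.
managed_policy_arn() {
  printf 'arn:%s:iam::aws:policy/%s\n' "$1" "$POLICY_NAME"
}

# grant_kms_create user|group NAME
grant_kms_create() {
  local kind name caller partition arn
  kind="$1"; name="$2"
  case "$kind" in
    user|group) ;;
    *) echo "first argument must be 'user' or 'group'" >&2; return 2 ;;
  esac
  # Derive the partition from the credentials in use instead of hard-coding it.
  caller="$(aws sts get-caller-identity --query Arn --output text)"
  partition="$(partition_from_arn "$caller")"
  arn="$(managed_policy_arn "$partition")"
  aws iam "attach-${kind}-policy" "--${kind}-name" "$name" --policy-arn "$arn"
  # Read the attachment back so a silent failure does not go unnoticed.
  aws iam "list-attached-${kind}-policies" "--${kind}-name" "$name" \
    --query "AttachedPolicies[?PolicyArn=='${arn}'].PolicyName" --output text \
    | grep -qx "$POLICY_NAME" \
    || { echo "policy not attached to $kind $name" >&2; return 1; }
  echo "attached $arn to $kind $name"
}

# Only act when called with both arguments.
if [ "$#" -eq 2 ]; then
  grant_kms_create "$1" "$2"
fi
```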