Granting permissions to create a KMS key
You can grant users permission to create an Amazon KMS key with the
AWSKeyManagementServicePowerUser
policy.
To grant permission to create a KMS key
Open the IAM console at https://console.amazonaws.cn/iam/
. -
Choose the group or user that you want to give permission.
-
Choose Permissions, and then choose Attach Policy.
-
Search for AWSKeyManagementServicePowerUser, choose the policy, and then choose Attach policy.
The user now has permission to create a KMS key. For more information about creating policies, see Creating IAM policies in the IAM User Guide.