Determining access to Amazon KMS keys

To determine the full extent of who or what currently has access to an Amazon KMS key, you must examine the key policy of the KMS key, all grants that apply to the KMS key, and potentially all Amazon Identity and Access Management (IAM) policies. You might do this to determine the scope of potential usage of a KMS key, or to help you meet compliance or auditing requirements. The following topics can help you generate a complete list of the Amazon principals (identities) that currently have access to a KMS key.

Topics

Examining the key policy
Examining IAM policies
Examining grants
Troubleshooting key access

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Hybrid post-quantum TLS

Examining the key policy