Condition keys for Amazon KMS - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Condition keys for Amazon KMS

You can specify conditions in the key policies and Amazon Identity and Access Management policies (IAM policies) that control access to Amazon KMS resources. The policy statement is effective only when the conditions are true. For example, you might want a policy statement to take effect only after a specific date. Or, you might want a policy statement to control access only when a specific value appears in an API request.

To specify conditions, you use condition keys in the Condition element of a policy statement with IAM condition operators. Some condition keys apply generally to Amazon; others are specific to Amazon KMS.

Note

Condition key values must adhere to the character and encoding rules for Amazon KMS key policies and IAM policies. For details about key policy document rules, see Key policy format. For details about IAM policy document rules, see IAM name requirements in the IAM User Guide..