Condition keys for Amazon KMS
You can specify conditions in the key policies and IAM policies that control access to Amazon KMS resources. The policy statement is effective only when the conditions are true. For example, you might want a policy statement to take effect only after a specific date. Or, you might want a policy statement to control access only when a specific value appears in an API request.
To specify conditions, you use condition keys in the Condition
element of a policy statement with IAM condition
operators. Some condition keys apply generally to Amazon; others are specific to
Amazon KMS.
Condition key values must adhere to the character and encoding rules for Amazon KMS key policies and IAM policies. For details about key policy document rules, see Key policy format. For details about IAM policy document rules, see IAM name requirements in the IAM User Guide..