KMS
KMS overview and attacks
Encrypt and Decrypt data with KMS Key
Encrypt Data
Decrypt Data
kms:CreateGrant
With this action available, you can provide yourself a Grant to a KMS key and effectively give yourself access.
Grants are considered along with key policies and IAM policies and often used for temporary permissions because you can create one, use its permissions, and delete it without changing your key policies or IAM policies.
kms:PutKeyPolicy
With this action available, you can update or replace the Key Policy for a KMS key to give yourself permissions.
Last updated