Required AWS Permissions for AWS KMS Key Creation

Product version: 10.10

Last modified: 16 August 2023

Question

What permissions do I need to create the AWS KMS key?

Answer

The following permissions are required to create the KMS key:

kms:ListAliases

kms:CreateKey

kms:CreateAlias

kms:PutKeyPolicy

kms:TagResource

kms:ListKeys

kms:Encrypt

kms:Decrypt

kms:DescribeKey

tag:GetResources

iam:CreateServiceLinkedRole

iam:ListUsers

iam:ListRoles

For additional information regarding KMS keys creation process refer to this article.