AWS Identity and Access Management
User Guide

Actions and Condition Context Keys for AWS Key Management Service

AWS Key Management Service provides the following service-specific actions and condition context keys for use in IAM policies.

Actions for AWS Key Management Service

For information about using the following AWS KMS API actions in an IAM resource policy attached to an AWS KMS key, see Key Policies in the AWS Key Management Service Developer Guide.

Condition context keys for AWS Key Management Service

AWS Key Management Service has the following service-specific context keys that can be used in an IAM policy. For the list of the global condition context keys that are available to all services, see Available Global Condition Keys in the IAM Policy Elements Reference.

  • kms:BypassPolicyLockoutSafetyCheck

  • kms:EncryptionContextKeys

  • kms:EncryptionContext

  • kms:CallerAccount

  • kms:GrantOperations

  • kms:GrantConstraintType

  • kms:GrantIsForAWSResource

  • kms:ReEncryptOnSameKey

  • kms:ViaService