Granting permissions to create a KMS key

You can grant users permission to create an AWS KMS key with the AWSKeyManagementServicePowerUser policy.

Open the IAM console at https://console.aws.amazon.com/iam/.
Choose the group or user that you want to give permission.
Choose Permissions, and then choose Attach Policy.
Search for AWSKeyManagementServicePowerUser, choose the policy, and then choose Attach policy.

The user now has permission to create a KMS key. If you want to create custom policies for your users, see Creating Customer Managed Policies in the IAM User Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Encrypting CloudTrail log files with AWS KMS keys (SSE-KMS)

Configure AWS KMS key policies for CloudTrail