Granting permissions to create a KMS key
You can grant users permission to create an AWS KMS key with the
AWSKeyManagementServicePowerUser
policy.
To grant permission to create a KMS key
Open the IAM console at https://console.aws.amazon.com/iam/
. -
Choose the group or user that you want to give permission.
-
Choose Permissions, and then choose Attach Policy.
-
Search for AWSKeyManagementServicePowerUser, choose the policy, and then choose Attach policy.
The user now has permission to create a KMS key. If you want to create custom policies for your users, see Creating Customer Managed Policies in the IAM User Guide.