Granting permissions to create a KMS key

You can grant users permission to create an AWS KMS key with the AWSKeyManagementServicePowerUser policy.

Open the IAM console at https://console.aws.amazon.com/iam/.
Choose the group or user that you want to give permission.
Choose the Permissions tab.
From the Add permissions list, choose Attach policies.
Search for AWSKeyManagementServicePowerUser, choose the policy, and then choose Attach policies.

The user now has permission to create a KMS key. For more information about creating policies, see Creating IAM policies in the IAM User Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Encrypting CloudTrail log files, digest files, and event data stores with AWS KMS keys (SSE-KMS)

Configure AWS KMS key policies for CloudTrail