AWS CloudTrail
User Guide (Version 1.0)

Granting Permissions to Create a CMK

You can grant users permission to create a customer master key (CMK) with the AWSKeyManagementServicePowerUser policy.

To grant permission to create a CMK

  1. Open the IAM console at

  2. Choose the group or user that you want to give permission.

  3. Choose Permissions, and then choose Attach Policy.

  4. Search for AWSKeyManagementServicePowerUser, choose the policy, and then choose Attach policy.

    The user now has permission to create a CMK. If you want to create custom policies for your users, see Creating Customer Managed Policies in the IAM User Guide.