CloudWatch / Client / exceptions / KmsAccessDeniedException

KmsAccessDeniedException

class CloudWatch.Client.exceptions.KmsAccessDeniedException

The operation was denied because either the calling principal lacks the required Amazon Web Services Key Management Service (Amazon Web Services KMS) permission on the key, or the key policy does not grant Amazon CloudWatch the permissions it needs to use the key. Verify that the caller has kms:Decrypt permission on the key, and that the key policy grants the CloudWatch service principal the kms:DescribeKey, kms:GenerateDataKey, kms:Encrypt, kms:Decrypt, and kms:ReEncrypt* permissions described in AssociateDatasetKmsKey.

Example

try:
  ...
except client.exceptions.KmsAccessDeniedException as e:
  print(e.response)

response

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{
    'Message': 'string',
    'Error': {
        'Code': 'string',
        'Message': 'string'
    }
}

Structure

• (dict) –

  The operation was denied because either the calling principal lacks the required Amazon Web Services Key Management Service (Amazon Web Services KMS) permission on the key, or the key policy does not grant Amazon CloudWatch the permissions it needs to use the key. Verify that the caller has kms:Decrypt permission on the key, and that the key policy grants the CloudWatch service principal the kms:DescribeKey, kms:GenerateDataKey, kms:Encrypt, kms:Decrypt, and kms:ReEncrypt* permissions described in AssociateDatasetKmsKey.

  • Message (string) –

  • Error (dict) – Normalized access to common exception attributes.

    • Code (string) – An identifier specifying the exception type.

    • Message (string) – A descriptive message explaining why the exception occured.