Determining Access to an AWS KMS Customer Master Key