Can't clean up obsolete customer managed keys in Key Management Service

Not being able to view details, disable, and/or schedule key deletion. Getting:

DescribeKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DescribeKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DescribeKey action

DisableKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DisableKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DisableKey action

AWS Support under "Account and billing" is saying: This issue is beyond our scope on the Billing and Accounts team ... For additional technical help, you can engage our support engineers by posting to AWS re:Post ... You can also contact Premium (!?) Support.

Appreciate your advice.

Artem
asked 3 months ago, 94 views
1 Answer

Hi, Artem

Please check this AWS document https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html for KMS resource-based policy.

If this helps solve your problem, please choose this as the Accepted Answer so others on re:Post may benefit - Thank you!

AWS
answered 3 months ago
EXPERT
reviewed a month ago
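
The linked document describes the default key policy, whose statement for the account principal (`arn:aws:iam::<account-id>:root`) is what lets the account manage the key; without an equivalent statement, requests fail with the "no resource-based policy allows" error quoted in the question. The following is an added example, not code from this thread or from AWS: a small offline check to run on a key policy before applying it, to confirm the account can still describe, disable and schedule deletion of the key. The function names, the account ID `111122223333` and both sample policies are constructed for illustration, and the check only reads unconditional `Allow` statements with `Action` (it does not evaluate `Deny`, `NotAction` or conditions).

```python
import fnmatch
import json

# Constructed sample key policies; 111122223333 is a placeholder account ID.
DEFAULT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Enable IAM User Permissions",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
})
ORPHANED_POLICY = json.dumps({  # only a single (hypothetical) former admin is named
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:user/former-admin"},
        "Action": ["kms:Describe*", "kms:DisableKey", "kms:ScheduleKeyDeletion"],
        "Resource": "*",
    }],
})

# The three operations that fail or are blocked in the question above.
CLEANUP_ACTIONS = ("kms:DescribeKey", "kms:DisableKey", "kms:ScheduleKeyDeletion")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def account_allowed_actions(policy_json, account_id, actions=CLEANUP_ACTIONS):
    """Return the subset of `actions` the key policy allows for the account principal."""
    root_forms = {account_id, f"arn:aws:iam::{account_id}:root"}
    allowed = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        # Skip Deny statements and conditional Allows (treated as not granted).
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if not root_forms & set(aws):
            continue
        patterns = _as_list(stmt.get("Action", []))
        for action in actions:
            # Action names are case-insensitive and may use * and ? wildcards.
            if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
                allowed.add(action)
    return allowed

def missing_cleanup_actions(policy_json, account_id):
    """List cleanup actions the account principal would be denied by this policy."""
    return sorted(set(CLEANUP_ACTIONS) - account_allowed_actions(policy_json, account_id))
```

A non-empty result from `missing_cleanup_actions` means the policy depends entirely on the principals it names, so removing those principals leaves the key unmanageable from inside the account.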
