Can't clean up obsolete Customer managed keys in Key Management Service

0

Not being able to view details, disable and/or schedule key deletion. Getting:

DescribeKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DescribeKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DescribeKey action

DisableKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DisableKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DisableKey action

AWS Support under "Account and billing" is saying: This issue is beyond our scope on the Billing and Accounts team ... For additional technical help, you can engage our support engineers by posting to AWS re:Post ... You can also contact Premium (!?) Support.

Appreciate your advice.

Artem
asked 3 months ago, 94 views
1 Answer
0

Hi, Artem

Please check this AWS document https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html for KMS resource-based policy.

If this helps solve your problem, please choose this as the Accepted Answer so others on re:Post may benefit - Thank you!

AWS
answered 3 months ago
EXPERT
verified a month ago
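
The errors in the question say that no resource-based policy (the key policy) allows the action, and the linked document describes the default key policy statement that grants the account `kms:*`. The following is an added example, not part of the answer above or of any AWS tooling: a simplified offline check of whether a key policy document grants the account principal the actions the question needs. The account ID `111122223333`, the role name `ExampleKeyAdmin` and both sample policies are constructed, and the check ignores `Condition`, `NotAction`, `NotPrincipal` and `Deny`.

```python
import fnmatch
import json

ACCOUNT_ID = "111122223333"  # constructed sample account ID
NEEDED = ["kms:DescribeKey", "kms:DisableKey", "kms:ScheduleKeyDeletion"]

# Constructed sample: key policy containing the default account statement.
DEFAULT_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "Enable IAM User Permissions", "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
    "Action": "kms:*", "Resource": "*"}]})

# Constructed sample: only a hypothetical role is named, so the account
# principal (and IAM policies in the account) get nothing from this policy.
LOCKED_OUT_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:role/ExampleKeyAdmin"},
    "Action": "kms:*", "Resource": "*"}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _names_account(principal, account_id):
    """True if the Principal element covers the account principal itself."""
    if principal == "*":
        return True
    aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
    return any(p in ("*", account_id, f"arn:aws:iam::{account_id}:root") for p in aws)

def account_allowed_actions(policy_json, account_id, actions):
    """Map each action to True if an Allow statement for the account covers it.

    Simplified: ignores Condition, NotAction, NotPrincipal and Deny statements.
    """
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return {
        action: any(
            s.get("Effect") == "Allow"
            and _names_account(s.get("Principal", {}), account_id)
            and any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                    for pat in _as_list(s.get("Action", [])))
            for s in statements)
        for action in actions}

if __name__ == "__main__":
    for name, doc in (("default", DEFAULT_POLICY), ("locked out", LOCKED_OUT_POLICY)):
        print(name, account_allowed_actions(doc, ACCOUNT_ID, NEEDED))
```

A policy shaped like the second sample matches the symptom in the question: every action in `NEEDED` maps to `False` for the account principal.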
