2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
- Go to Key Management Service
- Select your Key from Customer managed keys
- On the bottom you will see the Other AWS Accounts. Click on Add other accounts and enter your AWS account
回答済み 6ヶ月前
0
When you grant access to an external account to use your custom key, keep in mind four important things:
- The key will not appear anywhere in the AWS Management Console for administrators of the external account to directly manage or select when creating encrypted resources. The administrator of the external account will need to specify the key’s ARN to use the key to create encrypted resources.
- After you grant access to external accounts, root users of those external accounts can execute the following actions using your key: Encrypt, Decrypt, ReEncrypt, GenerateDataKey, and DescribeKey.
- AWS services integrated with KMS can use your key on behalf of external accounts for which you have enabled cross-account access.
- IAM users and roles in the external account will not be able to use the key unless the account administrator of the external account creates and attaches a resource-level policy that specifies the KMS key ARN and permitted actions.
To know more about how to share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service, kindly refer the below blog.
回答済み 6ヶ月前
関連するコンテンツ
- AWS公式更新しました 10ヶ月前
- AWS公式更新しました 1年前
I did already, but this doesn't work