1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello.
If you are unable to access the KMS key no matter which user you use, you will need to open a case with AWS Support under "Account and billing" and have them take action.
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html
For example, suppose you create a key policy that gives only one user access to the KMS key. If you then delete that user, the key becomes unmanageable and you must contact AWS Support to regain access to the KMS key.
I created an EKS cluster, and I later deleted the user who created the cluster. After several permission issues, I created a new user with the same name as the one that was deleted initially. Whenever I try to update the eks cluster with the new user iam, i keep getting the following: The user is not authorized to perform: kms:DescribeKey on resource. Even after adding the policy, I still get the same error. So I decided to login through the root account, and I noticed I couldn't even access the customer-managed key for that cluster.