2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
- Go to Key Management Service
- Select your Key from Customer managed keys
- On the bottom you will see the Other AWS Accounts. Click on Add other accounts and enter your AWS account
답변함 7달 전
0
When you grant access to an external account to use your custom key, keep in mind four important things:
- The key will not appear anywhere in the AWS Management Console for administrators of the external account to directly manage or select when creating encrypted resources. The administrator of the external account will need to specify the key’s ARN to use the key to create encrypted resources.
- After you grant access to external accounts, root users of those external accounts can execute the following actions using your key: Encrypt, Decrypt, ReEncrypt, GenerateDataKey, and DescribeKey.
- AWS services integrated with KMS can use your key on behalf of external accounts for which you have enabled cross-account access.
- IAM users and roles in the external account will not be able to use the key unless the account administrator of the external account creates and attaches a resource-level policy that specifies the KMS key ARN and permitted actions.
To know more about how to share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service, kindly refer the below blog.
답변함 7달 전
관련 콘텐츠
- AWS 공식업데이트됨 7달 전
- AWS 공식업데이트됨 일 년 전
I did already, but this doesn't work