Can't clean up obsolete Customer managed keys in Key Management Service

0

Not being able to view details, disable and/or schedule key deletion. Getting:

DescribeKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DescribeKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DescribeKey action

DisableKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DisableKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DisableKey action

AWS Support under "Account and billing" saying: This issue is beyond our scope on the Billing and Accounts team ... For additional technical help, you can engage our support engineers by posting to AWS re:Post ... You can also contact Premium (!?) Support.

Appreciate your advice.

Artem
asked 3 months ago, 94 views
1 Answer
0

Hi, Artem

Please check this AWS document https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html for KMS resource-based policy.

If this helps solve your problem, please choose this as the Accepted Answer so others on re:Post may benefit - Thank you!

AWS
answered 3 months ago
EXPERT
reviewed a month ago
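
Added example, not part of the original answer and not AWS code: the linked page describes the default key policy statement that grants `kms:*` to the account principal, which is what lets IAM policies in the account work on the key. The sketch below checks a key policy document for that delegation before it is applied. The account ID, the `former-admin` user and both sample policies are constructed, and the check ignores explicit Deny and conditional statements.

```python
import fnmatch

ACCOUNT_ID = "111122223333"  # constructed placeholder account ID

# Constructed sample: the statement the default key policy contains.
DEFAULT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Enable IAM User Permissions", "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
    "Action": "kms:*", "Resource": "*"}]}

# Constructed sample: one (hypothetical) IAM user is named, the account is not.
NARROW_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "SingleAdmin", "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:user/former-admin"},
    "Action": ["kms:Describe*", "kms:Disable*", "kms:ScheduleKeyDeletion"],
    "Resource": "*"}]}

# The operations the question could not perform.
CLEANUP_ACTIONS = ["kms:DescribeKey", "kms:DisableKey", "kms:ScheduleKeyDeletion"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def account_allows(policy, account_id, action):
    """True if an unconditional Allow statement grants action to the account principal."""
    account_forms = {f"arn:aws:iam::{account_id}:root", account_id}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue  # Deny and conditional statements are out of scope here
        principal = stmt.get("Principal", {})
        names = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if not account_forms.intersection(names):
            continue  # statement names some other principal
        # IAM action names are case-insensitive and may contain * wildcards
        if any(fnmatch.fnmatchcase(action.lower(), pat.lower())
               for pat in _as_list(stmt.get("Action", []))):
            return True
    return False


def missing_for_account(policy, account_id, actions=CLEANUP_ACTIONS):
    """Actions the key policy does not delegate to the account."""
    return [a for a in actions if not account_allows(policy, account_id, a)]


if __name__ == "__main__":
    for name, pol in (("default", DEFAULT_POLICY), ("narrow", NARROW_POLICY)):
        print(name, "missing:", missing_for_account(pol, ACCOUNT_ID))
```

A non-empty result means that, once the named principal is gone, no IAM policy in the account can reach the key for those actions.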
