2 Respostas
- Mais recentes
- Mais votos
- Mais comentários
0
- Go to Key Management Service
- Select your Key from Customer managed keys
- On the bottom you will see the Other AWS Accounts. Click on Add other accounts and enter your AWS account
respondido há 6 meses
0
When you grant access to an external account to use your custom key, keep in mind four important things:
- The key will not appear anywhere in the AWS Management Console for administrators of the external account to directly manage or select when creating encrypted resources. The administrator of the external account will need to specify the key’s ARN to use the key to create encrypted resources.
- After you grant access to external accounts, root users of those external accounts can execute the following actions using your key: Encrypt, Decrypt, ReEncrypt, GenerateDataKey, and DescribeKey.
- AWS services integrated with KMS can use your key on behalf of external accounts for which you have enabled cross-account access.
- IAM users and roles in the external account will not be able to use the key unless the account administrator of the external account creates and attaches a resource-level policy that specifies the KMS key ARN and permitted actions.
To know more about how to share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service, kindly refer the below blog.
respondido há 6 meses
Conteúdo relevante
- AWS OFICIALAtualizada há 2 meses
- AWS OFICIALAtualizada há 10 meses
- AWS OFICIALAtualizada há 6 meses
- AWS OFICIALAtualizada há 2 anos
I did already, but this doesn't work