2 Answers
- Newest
- Most votes
- Most comments
0
What IAM policies are you actually using?
Also, are you using Systems Manager Session Manager to connect to EC2?
0
IAM is full administrator rights. when i added this condition "kms:ViaService": "ssm.ap-southeast-1.amazonaws.com"
I cannot (connect) button in Connect to Instance (Session Manager), the error said that I do not have the kms:GenerateDataKey in key policy which it is in place. Once I remove this permission "kms:ViaService": "ssm.ap-southeast-1.amazonaws.com" I am able to connect to the EC2.
I am trying to limit the key usages by using the condition of via service.
answered a year ago
Relevant content
- asked 5 months ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
IAM currently is full access administator. cause I am doing some testing. Yes I am using System Managers Session Manager to Connect to EC2. Currently, I need to encrypt the ssm session with kms key with viaservice or condition limited. May I know which via services or condition that I can put in for testing? TYIA
Can you please share the IAM policy you have set up for EC2 and the full text of the connection error?
Is the EC2 running on a private subnet? If so, are KMS VPC endpoints and NAT gateways configured?