By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can't cleanup obsolete Customer managed keys in Key Management Service

0

No being able to view details, disable and/or schedule key deletion. Getting:

DescribeKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DescribeKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DescribeKey action

DisableKey request failed AccessDeniedException - User: arn:aws:iam:::user/root is not authorized to perform: kms:DisableKey on resource: arn:aws:kms:us-east-1::key/005aa284-c9a3-4b75-8eaa-de1ac998786d because no resource-based policy allows the kms:DisableKey action

AWS Support under "Account and billing" saying: This issue is beyond our scope on the Billing and Accounts team ... For additional technical help, you can engage our support engineers by posting to AWS re:Post ... You can also contact Premium (!?) Support.

Appreciate your advice.

Topics
Security, Identity, & Compliance
Tags
AWS Key Management Service
Language
English
Artem
asked 3 months ago83 views
1 Answer
0

Hi, Artem

Please check this AWS document https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html for KMS resource-based policy.

If this helps solve your problem, please choose this as the Accepted Answer so others on re:Post may benefit - Thank you!

profile pictureAWS
AWS-Eric
answered 3 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content