unable to delete KMS Customer managed keys.

0

Unable to delete KMS Customer managed keys.Enter image description here

asked 2 years ago857 views
1 Answer
0

Based on error message it is KMS key policy thing. In order to dig dipper you can indeed go through : https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html.

You can follow below steps to troubleshoot:

  1. Check KMS key policy, check if role/user using which you are logged in having permission to manage KMS keys. Policy should look like below:
{
  "Sid": "Allow access for Key Administrators",
  "Effect": "Allow",
  "Principal": {"AWS":"arn:aws:iam::111122223333:role/ExampleAdminRole"},
  "Action": [
    "kms:Create*",
    "kms:Describe*",
    "kms:Enable*",
    "kms:List*",
    "kms:Put*",
    "kms:Update*",
    "kms:Revoke*",
    "kms:Disable*",
    "kms:Get*",
    "kms:Delete*",
    "kms:TagResource",
    "kms:UntagResource",
    "kms:ScheduleKeyDeletion",
    "kms:CancelKeyDeletion"
  ],
  "Resource": "*"
}
  1. Also try to login using root account and check if you are able delete it.
  2. If no user is not having permission to delete this key, best to contact AWS Support, they will help you.

Best Regards, Vikas

profile picture
answered 2 years ago
profile picture
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions