Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
unable to delete KMS Customer managed keys.
0
Unable to delete KMS Customer managed keys.
1 Answer
- Newest
- Most votes
- Most comments
0
Based on error message it is KMS key policy thing. In order to dig dipper you can indeed go through : https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html.
You can follow below steps to troubleshoot:
- Check KMS key policy, check if role/user using which you are logged in having permission to manage KMS keys. Policy should look like below:
{
"Sid": "Allow access for Key Administrators",
"Effect": "Allow",
"Principal": {"AWS":"arn:aws:iam::111122223333:role/ExampleAdminRole"},
"Action": [
"kms:Create*",
"kms:Describe*",
"kms:Enable*",
"kms:List*",
"kms:Put*",
"kms:Update*",
"kms:Revoke*",
"kms:Disable*",
"kms:Get*",
"kms:Delete*",
"kms:TagResource",
"kms:UntagResource",
"kms:ScheduleKeyDeletion",
"kms:CancelKeyDeletion"
],
"Resource": "*"
}
- Also try to login using root account and check if you are able delete it.
- If no user is not having permission to delete this key, best to contact AWS Support, they will help you.
Best Regards, Vikas
Relevant content
- asked 2 years ago
- asked 3 months ago
- AWS OFFICIALUpdated 2 years ago
