
Unable to remove KMS key


Hello guys,

I'm trying to remove a KMS key, and this error is being returned:

DeleteImportedKeyMaterial request failed AccessDeniedException - User: arn:aws:iam::X:root is not authorized to perform: kms:DeleteImportedKeyMaterial on resource: arn:aws:kms:us-east-1:831926605768:key/20ecf010-7539-403f-990c-38a13319da63 because no resource-based policy allows the kms:DeleteImportedKeyMaterial action

The problem is that I no longer have access to the IAM user, because I removed it. I only have access to the root user, but it seems that it doesn't have permission to access, remove, or edit this KMS key. Can you please remove this key for me? How should I proceed?

Thank you in advance,

Miguel Melo

asked a year ago · 102 views
1 Answer

If the KMS key policy doesn't permit any still-existing principal access and if it doesn't delegate at least the key policy modification permission to IAM in the account (by granting the permission to the local account's "root" principal), and if there is no KMS key grant that would grant equivalent access to an existing principal, then the only way to restore access is by raising a ticket with AWS support, who can reset the key policy on your behalf.

EXPERT
answered a year ago
EXPERT
reviewed 10 months ago
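
The key-policy part of the check described in the answer above can be run offline against a saved policy document. This is an added example, not part of the original answer or any AWS tooling; the account ID, ARNs and policies are constructed, and the simplifications are assumptions: only unconditional Allow statements with Action and an AWS principal are considered, while Deny, NotAction, NotPrincipal and KMS grants are not evaluated.

```python
import fnmatch

ACCOUNT = "111122223333"  # constructed placeholder account ID
DELETED_USER = f"arn:aws:iam::{ACCOUNT}:user/deleted-admin"  # constructed

# Constructed policy: the only administrator is a user that no longer exists.
LOCKED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": DELETED_USER},
     "Action": "kms:*", "Resource": "*"}]}

# Constructed policy: access delegated to IAM via the account "root" principal.
DELEGATED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
     "Action": "kms:*", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _allows(stmt, action):
    """True when an unconditional Allow statement covers the action."""
    if stmt.get("Effect") != "Allow" or "Condition" in stmt:
        return False
    return any(fnmatch.fnmatchcase(action.lower(), pat.lower())
               for pat in _as_list(stmt.get("Action", [])))


def policy_editors(policy, account_id, existing_principals):
    """Principals named in the key policy that can still call kms:PutKeyPolicy.

    existing_principals: ARNs of IAM users/roles the caller knows still exist.
    An empty result means the key policy offers no in-account recovery path.
    """
    root_forms = {account_id, f"arn:aws:iam::{account_id}:root", "*"}
    editors = []
    for stmt in policy.get("Statement", []):
        if not _allows(stmt, "kms:PutKeyPolicy"):
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for p in _as_list(aws):
            if (p in root_forms or p in existing_principals) and p not in editors:
                editors.append(p)
    return editors


if __name__ == "__main__":
    print(policy_editors(LOCKED_POLICY, ACCOUNT, set()))
    print(policy_editors(DELEGATED_POLICY, ACCOUNT, set()))
```

Running the same function over every key policy in an account before deleting an IAM user or role shows which keys would be left with no principal able to edit their policy.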
