Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Access denied in AWS aurora (RDS database)

0

AccessDeniedException - User: because no identity-based policy allows the kms:DescribeKey action

what key or policy should I allow to solve this error?

i am trying to solve the when i am trying to create a RDS database

Topics
Security, Identity, & Compliance
Tags
AWS Key Management Service
Language
English
asked a year ago243 views
1 Answer
0

Hello.

Are you trying to create an RDS instance encrypted with a customer managed key?
In that case, you need to set "kms:DescribeKey" and "kms:CreateGrant" in the IAM policy for the IAM user you are using.
Try setting the key policy of the customer managed key you are trying to use for encryption to allow IAM users and the IAM policy to allow the above two policies.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.Keys.html#Overview.Encryption.Keys.Authorizing

EXPERT
answered a year ago
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content