2 Answers
- Newest
- Most votes
- Most comments
0
- Go to Key Management Service
- Select your Key from Customer managed keys
- On the bottom you will see the Other AWS Accounts. Click on Add other accounts and enter your AWS account
answered 10 months ago
0
When you grant access to an external account to use your custom key, keep in mind four important things:
- The key will not appear anywhere in the AWS Management Console for administrators of the external account to directly manage or select when creating encrypted resources. The administrator of the external account will need to specify the key’s ARN to use the key to create encrypted resources.
- After you grant access to external accounts, root users of those external accounts can execute the following actions using your key: Encrypt, Decrypt, ReEncrypt, GenerateDataKey, and DescribeKey.
- AWS services integrated with KMS can use your key on behalf of external accounts for which you have enabled cross-account access.
- IAM users and roles in the external account will not be able to use the key unless the account administrator of the external account creates and attaches a resource-level policy that specifies the KMS key ARN and permitted actions.
To know more about how to share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service, kindly refer the below blog.
answered 10 months ago
Relevant content
- Accepted Answerasked 10 months ago
- asked 10 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
I did already, but this doesn't work