2 回答
- 最新
- 投票最多
- 评论最多
0
- Go to Key Management Service
- Select your Key from Customer managed keys
- On the bottom you will see the Other AWS Accounts. Click on Add other accounts and enter your AWS account
已回答 6 个月前
0
When you grant access to an external account to use your custom key, keep in mind four important things:
- The key will not appear anywhere in the AWS Management Console for administrators of the external account to directly manage or select when creating encrypted resources. The administrator of the external account will need to specify the key’s ARN to use the key to create encrypted resources.
- After you grant access to external accounts, root users of those external accounts can execute the following actions using your key: Encrypt, Decrypt, ReEncrypt, GenerateDataKey, and DescribeKey.
- AWS services integrated with KMS can use your key on behalf of external accounts for which you have enabled cross-account access.
- IAM users and roles in the external account will not be able to use the key unless the account administrator of the external account creates and attaches a resource-level policy that specifies the KMS key ARN and permitted actions.
To know more about how to share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service, kindly refer the below blog.
已回答 6 个月前
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 7 个月前
I did already, but this doesn't work