How to enable IAM policies for KMS keys in Chinese regions?

To enable IAM policies for KMS keys in Chinese regions, you can follow the below steps:

Open the AWS Key Management Service (KMS) console in the Chinese region where you want to enable IAM policies.

Choose the KMS key for which you want to enable IAM policies.

In the key details page, select the "Key Policy" tab.

Choose the "Edit" button to edit the key policy.

Add the following statement to the key policy:

"Statement": [ { "Sid": "Enable IAM Policies", "Effect": "Allow", "Principal": {"AWS": ""}, "Action": "kms:", "Resource": "*", "Condition": {"Bool": {"kms:AWSAccountId": "true"}} } ]

Save the key policy.

Once you enable IAM policies for KMS keys in the Chinese region, you can use IAM policies to control access to your KMS keys. For example, you can create an IAM policy that allows users to use a specific KMS key for encryption and decryption operations, but does not allow them to delete the key or modify its key policy.

Note that enabling IAM policies for KMS keys in the Chinese region is subject to specific regulatory requirements and may require additional steps. Please refer to the AWS documentation and consult with legal and regulatory compliance experts for guidance on specific requirements in the Chinese region.