Secrets Manager KMS Policies

Granting encrypt and decrypt permissions to users or roles.

{
    "Sid": "Allow users or roles to use KMS to S3.",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::<account id>:<users or roles>/<users or roles name>"
    },
    "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey*"
    ],
    "Resource": "arn:aws:kms:<region code>:<account id>:key/<kms key id>"
}
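
An added example, not part of the original page: the same statement narrowed with the `kms:ViaService` condition key, so the key is usable only for requests that Secrets Manager makes on the principal's behalf. The Sid text is an assumption; the placeholders are the page's own.

```json
{
    "Sid": "Allow users or roles to use the key only through Secrets Manager",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::<account id>:<users or roles>/<users or roles name>"
    },
    "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey*"
    ],
    "Resource": "arn:aws:kms:<region code>:<account id>:key/<kms key id>",
    "Condition": {
        "StringEquals": {
            "kms:ViaService": "secretsmanager.<region code>.amazonaws.com"
        }
    }
}
```

With this condition in place, the statement no longer allows the principal to call `kms:Decrypt` or `kms:GenerateDataKey*` on the key directly; only calls routed through Secrets Manager in the named region match.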

AWS Documentation