Skip to content

DynamoDB KMS Policies

Granting encrypt and decrypt permissions to users or roles.

{
    "Sid": "Allow users or roles to use KMS to DynamoDB.",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::<account id>:<users or roles>/<users or roles name>"
    },
    "Action": [
        "kms:Decrypt"
    ],
    "Resource": "arn:aws:kms:<region code>:<account id>:key/<kms key id>"
}