AWS Key Management Service
(kms)
IAM Changes
Services
AWS Key Management Service
2024-04-17
2024-04-17
2 new actions, 1 new condition | 1 updated action
Additions
Actions
ListKeyRotations
Description:
Controls permission to view the list of completed key rotations for an AWS KMS key
Access:
List
Resources:
Name: key
Required: Yes
Conditions:
kms:CallerAccount
kms:ViaService
RotateKeyOnDemand
Description:
Controls permission to invoke on-demand rotation of the cryptographic material in an AWS KMS key
Access:
Write
Resources:
Name: key
Required: Yes
Conditions:
kms:CallerAccount
kms:ViaService
Conditions
kms:RotationPeriodInDays
Description:
Filters access to the EnableKeyRotation operation based on the value of the RotationPeriodInDays parameter in the request
Type:
Numeric
Updates
Actions
EnableKeyRotation
Conditions
+ kms:RotationPeriodInDays