En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

unable to delete KMS Customer managed keys.

0

Unable to delete KMS Customer managed keys.Enter image description here

Sujets
Sécurité, identité et conformité
Balises
Service AWS Key Management
Langue
English
priromauld
demandé il y a un an525 vues
1 réponse
0

Based on error message it is KMS key policy thing. In order to dig dipper you can indeed go through : https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html.

You can follow below steps to troubleshoot:

  1. Check KMS key policy, check if role/user using which you are logged in having permission to manage KMS keys. Policy should look like below:
{
  "Sid": "Allow access for Key Administrators",
  "Effect": "Allow",
  "Principal": {"AWS":"arn:aws:iam::111122223333:role/ExampleAdminRole"},
  "Action": [
    "kms:Create*",
    "kms:Describe*",
    "kms:Enable*",
    "kms:List*",
    "kms:Put*",
    "kms:Update*",
    "kms:Revoke*",
    "kms:Disable*",
    "kms:Get*",
    "kms:Delete*",
    "kms:TagResource",
    "kms:UntagResource",
    "kms:ScheduleKeyDeletion",
    "kms:CancelKeyDeletion"
  ],
  "Resource": "*"
}
  1. Also try to login using root account and check if you are able delete it.
  2. If no user is not having permission to delete this key, best to contact AWS Support, they will help you.

Best Regards, Vikas

profile picture
Vikas
répondu il y a un an
profile picture
EXPERT
Antonio_Lagrotteria
vérifié il y a un mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents