1 Answer
Cause of the error:
- The resource you are trying to get is not encrypted by the same KMS key that you are trying to decrypt with.
- You are not decrypting with the ciphertextblob that was used previously at the time of encryption.
- The KMS key doesn't exist or doesn't exist in that region.
- The principal trying to access the encrypted key doesn't have the correct KMS permissions.
Please confirm the following:
- Whether you are using the same KMS key for decryption that was used for encryption.
- Check if the role you are using to perform the action has permissions to access the KMS key.
- Check if the KMS key policy you have created grants permissions to the role you are using to perform the action, as below:
    {
        "Sid": "Enable IAM Role Permissions",
        "Effect": "Allow",
        "Principal": {
            "AWS": "<Role_Arn_You_Are_Performing_Action_From>"
        },
        "Action": [
            "kms:Encrypt",
            "kms:Decrypt",
            "kms:ReEncrypt*",
            "kms:GenerateDataKey*",
            "kms:DescribeKey"
        ],
        "Resource": "*"
    }
Answered 7 months ago
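The key-policy check from the answer above can be run offline against an exported policy document. This is an added example, not part of the answer and not AWS code: the function names, account IDs and role names are constructed, and the evaluation is deliberately simplified (it ignores `Condition`, `NotAction`, `NotPrincipal` and KMS grants).

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_kind(principal, role_arn):
    """'direct' if the role is named, 'account' if only its account is, else None."""
    if principal == "*":
        return "direct"
    if not isinstance(principal, dict):
        return None
    account_id = role_arn.split(":")[4]
    kinds = set()
    for arn in _as_list(principal.get("AWS", [])):
        if arn in ("*", role_arn):
            kinds.add("direct")
        elif arn in (f"arn:aws:iam::{account_id}:root", account_id):
            kinds.add("account")
    return "direct" if "direct" in kinds else ("account" if kinds else None)

def check_key_policy(policy, role_arn, action="kms:Decrypt"):
    """Simplified: ignores Condition, NotAction, NotPrincipal and KMS grants."""
    result = "not_granted"
    wanted = action.lower()
    for stmt in _as_list(policy.get("Statement", [])):
        kind = _principal_kind(stmt.get("Principal"), role_arn)
        hit = any(fnmatch.fnmatchcase(wanted, a.lower())
                  for a in _as_list(stmt.get("Action", [])))
        if kind is None or not hit:
            continue
        if stmt.get("Effect") == "Deny":
            return "explicit_deny"       # a matching Deny always wins
        if kind == "direct":
            result = "allowed"           # key policy names the role itself
        elif result == "not_granted":
            result = "delegated_to_iam"  # account principal: an IAM policy must also allow
    return result

# Constructed sample data (account IDs and role names are placeholders).
ROLE_ARN = "arn:aws:iam::111122223333:role/app-role"
KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "Enable IAM Role Permissions", "Effect": "Allow",
     "Principal": {"AWS": ROLE_ARN},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey*", "kms:DescribeKey"],
     "Resource": "*"}]}
```

A result of `delegated_to_iam` means the key policy only names the account, so the role's own IAM policy must also allow the action; `not_granted` means the key policy gives that role no path to the key.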