Unable to access customer-managed keys on Key Management Service

0

We can't view our customer-managed keys even from the root account, and these key policies need to be edited. We kept getting errors: The user is not authorised to perform "kms:DescribeKey".

After adding "kms:DescribeKey" permission to the resource, the error still persists.

How can we solve this, please?

1 Answer
0

Hello.

If you are unable to access the KMS key no matter which user you use, you will need to open a case with AWS Support under "Account and billing" and have them take action.
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html

For example, suppose you create a key policy that gives only one user access to the KMS key. If you then delete that user, the key becomes unmanageable and you must contact AWS Support to regain access to the KMS key.

profile picture
EXPERT
answered 9 months ago
  • I created an EKS cluster, and I later deleted the user who created the cluster. After several permission issues, I created a new user with the same name as the one that was deleted initially. Whenever I try to update the eks cluster with the new user iam, i keep getting the following: The user is not authorized to perform: kms:DescribeKey on resource. Even after adding the policy, I still get the same error. So I decided to login through the root account, and I noticed I couldn't even access the customer-managed key for that cluster.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions