1 Answer
- Newest
- Most votes
- Most comments
0
Hello.
If you are unable to access the KMS key no matter which user you use, you will need to open a case with AWS Support under "Account and billing" and have them take action.
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html
For example, suppose you create a key policy that gives only one user access to the KMS key. If you then delete that user, the key becomes unmanageable and you must contact AWS Support to regain access to the KMS key.
Relevant content
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 22 days ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 months ago
I created an EKS cluster, and I later deleted the user who created the cluster. After several permission issues, I created a new user with the same name as the one that was deleted initially. Whenever I try to update the eks cluster with the new user iam, i keep getting the following: The user is not authorized to perform: kms:DescribeKey on resource. Even after adding the policy, I still get the same error. So I decided to login through the root account, and I noticed I couldn't even access the customer-managed key for that cluster.