Certified Security - Specialty

Sign Up Free or Log In to participate!

Keyowner and Admin vs key user

I have a power user policy attached  to aws user1,user2,user3
i login as user1 to create kms key , made user2 a key admin 
update key policy to make EC2-iamrole-1,EC2-iamrole-2 ,user3 as key user

user2 can still use kms keys for decryption and access files

i change kms key policy and remove user-c from key users

It seems any one who has power user policy attached their user can use the kms key even if they are not in key users


"The main difference between a IAM roles with Administrator Access and Power User access is that Power User’s can do everything that an Admin user can do EXCEPT that Power Users cannot manage IAM users or groups."- from this it seems like from kms service prespective power user is same as Administrator .

Srinivas Landa

Thanks Ameen, What the is the difference between a power user and system administrator?

1 Answers

Good explanation, thanks!

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?