I have a power user policy attached to aws user1,user2,user3
i login as user1 to create kms key , made user2 a key admin
update key policy to make EC2-iamrole-1,EC2-iamrole-2 ,user3 as key user
user2 can still use kms keys for decryption and access files
i change kms key policy and remove user-c from key users
It seems any one who has power user policy attached their user can use the kms key even if they are not in key users
Good explanation, thanks!
"The main difference between a IAM roles with Administrator Access and Power User access is that Power User’s can do everything that an Admin user can do EXCEPT that Power Users cannot manage IAM users or groups."- from this it seems like from kms service prespective power user is same as Administrator .
Thanks Ameen, What the is the difference between a power user and system administrator?