Certified Security - Specialty


KMS Grant user permissions

When creating the Grant Token Faye used Dave’s user, I was expecting to have to do it from a user that has permissions to the KMS Key itself?

1 Answer

Hi Mgonza,

Faye didn’t create the grant using Dave’s user.

In the command used:

aws kms create-grant --key-id  --grantee-principal  --operations "Encrypt"

Faye didn’t append "--profile dave" (as was done on the previous encrypt command) and hence the command was run with her default AWS profile. That profile must have had the correct permissions since the create grant command succeeded.

Hope this helps 🙂

Mgonza

Thanks Hotspur, you are absolutely right, I was not familiar with Named profiles: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
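
An added example (not part of the original thread or the course material): a small shell check that reports which named profile each AWS CLI command line would select, using the CLI's rule that an explicit `--profile` wins, then the `AWS_PROFILE` environment variable, then `default`. The sample command lines, `KEY_ID`, `GRANTEE_ARN` and the file name are constructed placeholders.

```shell
#!/bin/sh
# Added example: which named profile does each AWS CLI command line select?

# effective_profile WORD...
# Prints the profile chosen for the given command words:
# --profile NAME / --profile=NAME, else $AWS_PROFILE, else "default".
effective_profile() {
    _p=""
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --profile=*) _p="${1#--profile=}" ;;
            --profile)
                # Take the following word as the profile name, if there is one.
                if [ "$#" -ge 2 ]; then _p="$2"; shift; fi ;;
        esac
        shift
    done
    if [ -n "$_p" ]; then
        printf '%s\n' "$_p"
    elif [ -n "${AWS_PROFILE:-}" ]; then
        printf '%s\n' "$AWS_PROFILE"
    else
        printf 'default\n'
    fi
}

# audit_commands: reads command lines on stdin and prints "profile<TAB>command".
# Words are split on whitespace only, which is enough to find --profile.
audit_commands() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        set -f              # no glob expansion while word-splitting
        set -- $line
        set +f
        printf '%s\t%s\n' "$(effective_profile "$@")" "$line"
    done
}

# Constructed sample input (placeholders, not values from the thread).
SAMPLE_COMMANDS='aws kms create-grant --key-id KEY_ID --grantee-principal GRANTEE_ARN --operations "Encrypt"
aws kms encrypt --key-id KEY_ID --plaintext fileb://secret.txt --profile dave'

printf '%s\n' "$SAMPLE_COMMANDS" | audit_commands
```

Against a live account, `aws sts get-caller-identity` run with and without `--profile dave` shows the principal behind each profile.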
