Commands in resources don’t work with cloud_user permissions.
Starting lab with
Create a new key and make a note of the region you are working in
aws kms create-key
An error occurred (AccessDeniedException) when calling the CreateKey operation: User: arn:aws:iam::776627371336:user/cloud_user is not authorized to perform: kms:CreateKey on resource: * with an explicit deny in a service control policy
aws kms encrypt –cli-binary-format raw-in-base64-out –plaintext "hello" –key-id arn:aws:kms:us-east-1:776627371336:key/95ba350c-6f16-4dae-a6eb-9b56819b92e8
An error occurred (NotFoundException) when calling the Encrypt operation: Invalid arn us-east-1