Certified Security - Specialty

Sign Up Free or Log In to participate!

KMS Key Policy effect of key policy code

I am curious what the effect of the follow code provides:


"Id": "key-consolepolicy-3",

"Version": "2012-10-17",

"Statement": [


"Sid": "Enable IAM User Permissions",

"Effect": "Allow",

"Principal": {

"AWS": "arn:aws:iam::1234567890:root"


"Action": "kms:*",

"Resource": "*"




Does it allow access for the account to manage key access through IAM policies?

Does it allow all IAM users in the account to have full access to the key?

I have my own ideas of what its effect is but want to check.



Edit: Moderator edit to not show a real account number

1 Answers

I found the answer in the KMS doc.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?