Service: kms

Attached Policies

Policy ARN	Policy Name
`arn:aws:iam::aws:policy/ReadOnlyAccess`	ReadOnlyAccess
`arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess`	AmazonDynamoDBFullAccess
`arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess`	AmazonDynamoDBReadOnlyAccess
`arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess`	AmazonElastiCacheFullAccess
`arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess`	AmazonElasticMapReduceFullAccess
`arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser`	AWSKeyManagementServicePowerUser
`arn:aws:iam::aws:policy/AmazonWorkMailFullAccess`	AmazonWorkMailFullAccess
`arn:aws:iam::aws:policy/SecurityAudit`	SecurityAudit
`arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess`	AmazonElasticFileSystemFullAccess
`arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess`	AmazonElasticFileSystemReadOnlyAccess
`arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin`	AmazonWorkSpacesAdmin
`arn:aws:iam::aws:policy/job-function/ViewOnlyAccess`	ViewOnlyAccess
`arn:aws:iam::aws:policy/job-function/SupportUser`	SupportUser
`arn:aws:iam::aws:policy/job-function/SystemAdministrator`	SystemAdministrator
`arn:aws:iam::aws:policy/job-function/DatabaseAdministrator`	DatabaseAdministrator
`arn:aws:iam::aws:policy/job-function/DataScientist`	DataScientist
`arn:aws:iam::aws:policy/AmazonLexFullAccess`	AmazonLexFullAccess
`arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess`	AWSGlueConsoleFullAccess
`arn:aws:iam::aws:policy/AmazonSageMakerFullAccess`	AmazonSageMakerFullAccess
`arn:aws:iam::aws:policy/AlexaForBusinessFullAccess`	AlexaForBusinessFullAccess
`arn:aws:iam::aws:policy/SecretsManagerReadWrite`	SecretsManagerReadWrite
`arn:aws:iam::aws:policy/AmazonEKSClusterPolicy`	AmazonEKSClusterPolicy
`arn:aws:iam::aws:policy/NeptuneReadOnlyAccess`	NeptuneReadOnlyAccess
`arn:aws:iam::aws:policy/NeptuneFullAccess`	NeptuneFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy`	AWSConfigServiceRolePolicy
`arn:aws:iam::aws:policy/NeptuneConsoleFullAccess`	NeptuneConsoleFullAccess
`arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess`	AWSGlueConsoleSageMakerNotebookFullAccess
`arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess`	AmazonFSxConsoleReadOnlyAccess
`arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess`	AmazonFSxConsoleFullAccess
`arn:aws:iam::aws:policy/AmazonDocDBFullAccess`	AmazonDocDBFullAccess
`arn:aws:iam::aws:policy/AmazonDocDBReadOnlyAccess`	AmazonDocDBReadOnlyAccess
`arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess`	AmazonDocDBConsoleFullAccess
`arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup`	AWSBackupServiceRolePolicyForBackup
`arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores`	AWSBackupServiceRolePolicyForRestores
`arn:aws:iam::aws:policy/AmazonMSKFullAccess`	AmazonMSKFullAccess
`arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess`	AmazonMSKReadOnlyAccess
`arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess`	AmazonManagedBlockchainConsoleFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy`	AmazonElasticFileSystemServiceRolePolicy
`arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess`	AWSDataExchangeSubscriberFullAccess
`arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess`	AWSDataExchangeProviderFullAccess
`arn:aws:iam::aws:policy/AWSDataExchangeFullAccess`	AWSDataExchangeFullAccess
`arn:aws:iam::aws:policy/AWSBackupFullAccess`	AWSBackupFullAccess
`arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess`	CloudWatchSyntheticsFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder`	AWSServiceRoleForImageBuilder
`arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder`	EC2InstanceProfileForImageBuilder
`arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy`	AccessAnalyzerServiceRolePolicy
`arn:aws:iam::aws:policy/AmazonKendraFullAccess`	AmazonKendraFullAccess
`arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess`	AmazonKeyspacesFullAccess
`arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess`	AmazonKeyspacesReadOnlyAccess
`arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy`	AWSThinkboxAWSPortalAdminPolicy
`arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup`	AWSBackupServiceLinkedRolePolicyForBackup
`arn:aws:iam::aws:policy/AmazonAppFlowFullAccess`	AmazonAppFlowFullAccess
`arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy`	AlexaForBusinessLifesizeDelegatedAccessPolicy
`arn:aws:iam::aws:policy/service-role/AWS_ConfigRole`	AWS_ConfigRole
`arn:aws:iam::aws:policy/AmazonTimestreamFullAccess`	AmazonTimestreamFullAccess
`arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess`	AmazonTimestreamConsoleFullAccess
`arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess`	AWSCloudTrail_FullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy`	AWSSupportServiceRolePolicy
`arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy`	AwsGlueDataBrewFullAccessPolicy
`arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy`	DynamoDBKinesisReplicationServiceRolePolicy
`arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess`	AWSLambda_ReadOnlyAccess
`arn:aws:iam::aws:policy/AWSLambda_FullAccess`	AWSLambda_FullAccess
`arn:aws:iam::aws:policy/AmazonConnect_FullAccess`	AmazonConnect_FullAccess
`arn:aws:iam::aws:policy/AmazonMonitronFullAccess`	AmazonMonitronFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy`	AWSAuditManagerServiceRolePolicy
`arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds`	EC2InstanceProfileForImageBuilderECRContainerBuilds
`arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess`	AWSAuditManagerAdministratorAccess
`arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy`	AmazonEventBridgeApiDestinationsServiceRolePolicy
`arn:aws:iam::aws:policy/AWSProtonFullAccess`	AWSProtonFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSApplicationMigrationServiceRolePolicy`	AWSApplicationMigrationServiceRolePolicy
`arn:aws:iam::aws:policy/AWSApplicationMigrationFullAccess`	AWSApplicationMigrationFullAccess
`arn:aws:iam::aws:policy/AmazonLookoutEquipmentFullAccess`	AmazonLookoutEquipmentFullAccess
`arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleFullAccess`	AmazonLookoutVisionConsoleFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy`	AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy
`arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2FullAccess`	AmazonRedshiftQueryEditorV2FullAccess
`arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess`	AWSElasticDisasterRecoveryConsoleFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSElasticDisasterRecoveryServiceRolePolicy`	AWSElasticDisasterRecoveryServiceRolePolicy
`arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Restore`	AWSBackupServiceRolePolicyForS3Restore
`arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Backup`	AWSBackupServiceRolePolicyForS3Backup
`arn:aws:iam::aws:policy/AWSMigrationHubOrchestratorConsoleFullAccess`	AWSMigrationHubOrchestratorConsoleFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy`	AmazonGuardDutyMalwareProtectionServiceRolePolicy
`arn:aws:iam::aws:policy/AmazonSageMakerCanvasFullAccess`	AmazonSageMakerCanvasFullAccess
`arn:aws:iam::aws:policy/AWSRefactoringToolkitFullAccess`	AWSRefactoringToolkitFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy`	AWSResourceExplorerServiceRolePolicy
`arn:aws:iam::aws:policy/service-role/AWSFaultInjectionSimulatorEC2Access`	AWSFaultInjectionSimulatorEC2Access
`arn:aws:iam::aws:policy/AmazonSecurityLakePermissionsBoundary`	AmazonSecurityLakePermissionsBoundary
`arn:aws:iam::aws:policy/AmazonSageMakerModelGovernanceUseAccess`	AmazonSageMakerModelGovernanceUseAccess
`arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy`	AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy
`arn:aws:iam::aws:policy/service-role/AWSSupplyChainFederationAdminAccess`	AWSSupplyChainFederationAdminAccess
`arn:aws:iam::aws:policy/aws-service-role/AmazonChimeSDKMessagingServiceRolePolicy`	AmazonChimeSDKMessagingServiceRolePolicy
`arn:aws:iam::aws:policy/AmazonSageMakerModelRegistryFullAccess`	AmazonSageMakerModelRegistryFullAccess
`arn:aws:iam::aws:policy/service-role/ROSAKubeControllerPolicy`	ROSAKubeControllerPolicy
`arn:aws:iam::aws:policy/service-role/ROSAKMSProviderPolicy`	ROSAKMSProviderPolicy
`arn:aws:iam::aws:policy/AmazonSecurityLakeAdministrator`	AmazonSecurityLakeAdministrator
`arn:aws:iam::aws:policy/AmazonDocDBElasticFullAccess`	AmazonDocDBElasticFullAccess
`arn:aws:iam::aws:policy/service-role/ROSAInstallerPolicy`	ROSAInstallerPolicy
`arn:aws:iam::aws:policy/service-role/ROSANodePoolManagementPolicy`	ROSANodePoolManagementPolicy
`arn:aws:iam::aws:policy/AWSAppFabricFullAccess`	AWSAppFabricFullAccess
`arn:aws:iam::aws:policy/AmazonCognitoUnAuthedIdentitiesSessionPolicy`	AmazonCognitoUnAuthedIdentitiesSessionPolicy
`arn:aws:iam::aws:policy/AWSEntityResolutionConsoleFullAccess`	AWSEntityResolutionConsoleFullAccess
`arn:aws:iam::aws:policy/AmazonLaunchWizardFullAccessV2`	AmazonLaunchWizardFullAccessV2
`arn:aws:iam::aws:policy/AmazonDataZoneEnvironmentRolePermissionsBoundary`	AmazonDataZoneEnvironmentRolePermissionsBoundary
`arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess_v2`	AmazonKeyspacesReadOnlyAccess_v2
`arn:aws:iam::aws:policy/AmazonDataZoneFullAccess`	AmazonDataZoneFullAccess
`arn:aws:iam::aws:policy/AmazonDataZoneRedshiftGlueProvisioningPolicy`	AmazonDataZoneRedshiftGlueProvisioningPolicy
`arn:aws:iam::aws:policy/service-role/AmazonDataZoneGlueManageAccessRolePolicy`	AmazonDataZoneGlueManageAccessRolePolicy
`arn:aws:iam::aws:policy/AmazonSageMakerCanvasDataPrepFullAccess`	AmazonSageMakerCanvasDataPrepFullAccess
`arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2AgentlessServiceRolePolicy`	AmazonInspector2AgentlessServiceRolePolicy
`arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess_v2`	AWSElasticDisasterRecoveryConsoleFullAccess_v2
`arn:aws:iam::aws:policy/NeptuneGraphReadOnlyAccess`	NeptuneGraphReadOnlyAccess
`arn:aws:iam::aws:policy/AmazonBedrockFullAccess`	AmazonBedrockFullAccess
`arn:aws:iam::aws:policy/AmazonRDSCustomInstanceProfileRolePolicy`	AmazonRDSCustomInstanceProfileRolePolicy
`arn:aws:iam::aws:policy/AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary`	AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary
`arn:aws:iam::aws:policy/AmazonDataZoneSageMakerProvisioningRolePolicy`	AmazonDataZoneSageMakerProvisioningRolePolicy
`arn:aws:iam::aws:policy/AmazonDataZoneSageMakerManageAccessRolePolicy`	AmazonDataZoneSageMakerManageAccessRolePolicy
`arn:aws:iam::aws:policy/AmazonBedrockStudioPermissionsBoundary`	AmazonBedrockStudioPermissionsBoundary
`arn:aws:iam::aws:policy/ResourceGroupsTaggingAPITagUntagSupportedResources`	ResourceGroupsTaggingAPITagUntagSupportedResources
`arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy`	AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy
`arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy`	AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy
`arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-AdministrationRolePolicy`	AWS-SSM-RemediationAutomation-AdministrationRolePolicy
`arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-ExecutionRolePolicy`	AWS-SSM-RemediationAutomation-ExecutionRolePolicy
`arn:aws:iam::aws:policy/SageMakerStudioProjectRoleMachineLearningPolicy`	SageMakerStudioProjectRoleMachineLearningPolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioDomainServiceRolePolicy`	SageMakerStudioDomainServiceRolePolicy
`arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePermissionsBoundary`	SageMakerStudioProjectUserRolePermissionsBoundary
`arn:aws:iam::aws:policy/service-role/SageMakerStudioProjectProvisioningRolePolicy`	SageMakerStudioProjectProvisioningRolePolicy
`arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePolicy`	SageMakerStudioProjectUserRolePolicy
`arn:aws:iam::aws:policy/SageMakerStudioFullAccess`	SageMakerStudioFullAccess
`arn:aws:iam::aws:policy/AIOpsAssistantPolicy`	AIOpsAssistantPolicy
`arn:aws:iam::aws:policy/AIOpsConsoleAdminPolicy`	AIOpsConsoleAdminPolicy
`arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForIndexing`	AWSBackupServiceRolePolicyForIndexing
`arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForItemRestores`	AWSBackupServiceRolePolicyForItemRestores
`arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRServiceRolePolicy`	SageMakerStudioEMRServiceRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockAgentServiceRolePolicy`	SageMakerStudioBedrockAgentServiceRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockChatAgentUserRolePolicy`	SageMakerStudioBedrockChatAgentUserRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFlowServiceRolePolicy`	SageMakerStudioBedrockFlowServiceRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockPromptUserRolePolicy`	SageMakerStudioBedrockPromptUserRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockEvaluationJobServiceRolePolicy`	SageMakerStudioBedrockEvaluationJobServiceRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy`	SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFunctionExecutionRolePolicy`	SageMakerStudioBedrockFunctionExecutionRolePolicy
`arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRInstanceRolePolicy`	SageMakerStudioEMRInstanceRolePolicy
`arn:aws:iam::aws:policy/AWSBackupSearchOperatorAccess`	AWSBackupSearchOperatorAccess

Allowed Actions

Action	Service
kms:CreateAlias	kms
kms:CreateGrant	kms
kms:CreateKey	kms
kms:Decrypt	kms
kms:DeleteAlias	kms
kms:Describe*	kms
kms:DescribeKey	kms
kms:Encrypt	kms
kms:GenerateDataKey	kms
kms:GenerateDataKeyPair	kms
kms:GenerateDataKeyPairWithoutPlaintext	kms
kms:GenerateDataKeyWithoutPlaintext	kms
kms:GenerateRandom	kms
kms:Get*	kms
kms:GetKeyPolicy	kms
kms:GetKeyRotationStatus	kms
kms:GetPublicKey	kms
kms:List*	kms
kms:ListAliases	kms
kms:ListGrants	kms
kms:ListKeyPolicies	kms
kms:ListKeys	kms
kms:ListResourceTags	kms
kms:ListRetirableGrants	kms
kms:ReEncrypt*	kms
kms:ReEncryptFrom	kms
kms:ReEncryptTo	kms
kms:RetireGrant	kms
kms:RevokeGrant	kms
kms:Sign	kms
kms:SynchronizeMultiRegionKey	kms
kms:TagResource	kms
kms:UntagResource	kms
kms:Verify	kms
kms:describeKey	kms
kms:getKeyPolicy	kms
kms:getKeyRotationStatus	kms
kms:listAliases	kms
kms:listGrants	kms
kms:listKeyPolicies	kms
kms:listKeys	kms
kms:listResourceTags	kms
kms:listRetirableGrants	kms