What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)?

September 14, 2021 by Admin

SCS-C01 AWS Certified Security – Specialty Part 02 Q17 009


  • The Amazon WorkMail and Amazon SES services have delegated KMS encrypt and decrypt permissions to the ExampleUser principal in the 111122223333 account.
  • The ExampleUser principal can transparently encrypt and decrypt email exchanges specifically between ExampleUser and AWS.
  • The CMK is to be used for encrypting and decrypting only when the principal is ExampleUser and the request comes from WorkMail or SES in the specified region.
  • The key policy allows WorkMail or SES to encrypt or decrypt on behalf of the user for any CMK in the account.
