September 14, 2021 by Admin
What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)?
- The Amazon WorkMail and Amazon SES services have delegated KMS encrypt and decrypt permissions to the ExampleUser principal in the 111122223333 account.
- The ExampleUser principal can transparently encrypt and decrypt email exchanges specifically between ExampleUser and AWS.
- The CMK is to be used for encrypting and decrypting only when the principal is ExampleUser and the request comes from WorkMail or SES in the specified region.
- The key policy allows WorkMail or SES to encrypt or decrypt on behalf of the user for any CMK in the account.