**To change the key policy for a KMS key**

The following ``put-key-policy`` example changes the key policy for a customer managed key. 

To begin, create a key policy and save it in a local JSON file. In this example, the file is ``key_policy.json``. You can also specify the key policy as a string value of the ``policy`` parameter. 

The first statement in this key policy gives the AWS account permission to use IAM policies to control access to the KMS key. The second statement gives the ``test-user`` user permission to run the ``describe-key`` and ``list-keys`` commands on the KMS key.  

Contents of ``key_policy.json``::

    {
        "Version" : "2012-10-17",
        "Id" : "key-default-1",
        "Statement" : [
            {
                "Sid" : "Enable IAM User Permissions",
                "Effect" : "Allow",
                "Principal" : {
                    "AWS" : "arn:aws:iam::111122223333:root"
                },
                "Action" : "kms:*",
                "Resource" : "*"
            },
            {
                "Sid" : "Allow Use of Key",
                "Effect" : "Allow",
                "Principal" : {
                    "AWS" : "arn:aws:iam::111122223333:user/test-user"
                },
                "Action" : [
                    "kms:DescribeKey",
                    "kms:ListKeys"
                ],
                "Resource" : "*"
            }
        ]
    }

To identify the KMS key, this example uses the key ID, but you can also use a key ARN. To specify the key policy, the command uses the ``policy`` parameter. To indicate that the policy is in a file, it uses the ``file://`` prefix, which is required to identify files on all supported operating systems. Finally, the command uses the ``policy-name`` parameter with a value of ``default``. This parameter is required, even though ``default`` is the only valid value. ::

    aws kms put-key-policy \
        --policy-name default \
        --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \
        --policy file://key_policy.json

This command does not produce any output. To verify that the command was effective, use the ``get-key-policy`` command. The following example command gets the key policy for the same KMS key. The ``output`` parameter with a value of ``text`` returns a text format that is easy to read. ::

    aws kms get-key-policy \
        --policy-name default \
        --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \
        --output text

Output::

    {
        "Version" : "2012-10-17",
        "Id" : "key-default-1",
        "Statement" : [
            {
                "Sid" : "Enable IAM User Permissions",
                "Effect" : "Allow",
                "Principal" : {
                    "AWS" : "arn:aws:iam::111122223333:root"
                },
                "Action" : "kms:*",
                "Resource" : "*"
            },
            {
                "Sid" : "Allow Use of Key",
                "Effect" : "Allow",
                "Principal" : {
                    "AWS" : "arn:aws:iam::111122223333:user/test-user"
                },
                "Action" : [ "kms:DescribeKey", "kms:ListKeys" ],
                "Resource" : "*"
            }
        ]
    }
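
Comparing the retrieved policy with ``key_policy.json`` by eye is error-prone, because whitespace, statement order, and string-versus-list fields can differ without changing meaning. The following check is an added example, not part of the AWS CLI documentation; the function names and the two ``RETRIEVED_*`` samples are constructed for illustration, and it assumes the ``get-key-policy`` text output has been captured as a string.

```python
import json

# The policy from key_policy.json on this page.
SUBMITTED = """{"Version": "2012-10-17", "Id": "key-default-1", "Statement": [
  {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": "kms:*", "Resource": "*"},
  {"Sid": "Allow Use of Key", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:user/test-user"},
   "Action": ["kms:DescribeKey", "kms:ListKeys"], "Resource": "*"}]}"""

# Constructed stand-ins for captured get-key-policy output: the same policy
# with statements and actions reordered, then a copy with one extra action.
_doc = json.loads(SUBMITTED)
_doc["Statement"].reverse()
_doc["Statement"][0]["Action"].reverse()
RETRIEVED_SAME = json.dumps(_doc, indent=4)
_doc["Statement"][0]["Action"].append("kms:Decrypt")
RETRIEVED_DRIFT = json.dumps(_doc)

def _as_set(value):
    """Policy fields may be one string or a list; compare them as sets."""
    return frozenset([value] if isinstance(value, str) else value)

def normalize(policy_text):
    """Reduce a key policy to an order-independent set of statements."""
    statements = set()
    for st in json.loads(policy_text)["Statement"]:
        principal = st["Principal"]
        if isinstance(principal, dict):
            principal = frozenset((k, _as_set(v)) for k, v in principal.items())
        statements.add((st.get("Sid"), st["Effect"], principal,
                        _as_set(st["Action"]), _as_set(st["Resource"]),
                        json.dumps(st.get("Condition"), sort_keys=True)))
    return statements

def policy_diff(submitted_text, retrieved_text):
    """Return (missing, unexpected) statement Sids; both empty means a match."""
    want, got = normalize(submitted_text), normalize(retrieved_text)
    missing = sorted(str(s[0]) for s in want - got)
    unexpected = sorted(str(s[0]) for s in got - want)
    return missing, unexpected

if __name__ == "__main__":
    print(policy_diff(SUBMITTED, RETRIEVED_SAME))
    print(policy_diff(SUBMITTED, RETRIEVED_DRIFT))
```

A statement that was altered appears in both lists, because the submitted form is missing and the retrieved form is unexpected.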

For more information, see `Changing a Key Policy <https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying.html>`__ in the *AWS Key Management Service Developer Guide*.
