Sign in to the AWS Management Console and open the AWS Identity and Access Management (IAM) console. Follow the steps mentioned below:



  1. In the left navigation pane, choose Encryption keys.
  2. For Region, choose the appropriate AWS Region.
  3. Choose the alias of the CMK whose key policy document you want to edit.
  4. On the Key Policy line, choose Switch to policy view.

  5. Add following statement in the key policy.

    1. {
       "Sid": "Allow SNS to use CMK",
       "Effect": "Allow",
       "Principal": {
       "Service": ""
       "Action": [
       "Resource": "*"



What to do next