Sign in to the AWS Management Console and open the AWS Identity and Access Management (IAM) console. Follow the steps mentioned below:
Procedure
- In the left navigation pane, choose Encryption keys.
- For Region, choose the appropriate AWS Region.
- Choose the alias of the CMK whose key policy document you want to edit.
- On the Key Policy line, choose Switch to policy view.
-
- Add following statement in the key policy.
-
{
"Sid": "Allow SNS to use CMK",
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Action": [
"kms:GenerateDataKey*",
"kms:Decrypt"
],
"Resource": "*"
}
-
