Key policies control access to your customer managed key. Every customer managed key must have exactly one key policy, with policy statements that determine who can use the key and how they can use it. When you create your key, you can specify a key policy. For more information, see Working with key policies in the AWS Key Management Service Developer Guide.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Allow key access to Amazon Chime SDK voice analytics.",
"Effect": "Allow",
"Principal": {
"AWS": "your_user_or_role_ARN"
},
"Action": [
"kms:CreateGrant",
"kms:Decrypt",
"kms:DescribeKey"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:ViaService": [
"chimevoiceconnector.region.amazonaws.com"
]
}
}
}
]
}For information about specifying permissions in a policy, see Specifying KMS keys in IAM policy statements in the AWS Key Management Service Developer Guide.
For information about troubleshooting key access, see Troubleshooting key access in the AWS Key Management Service Developer Guide.
