
Identity and access management for AWS Key Management Service


AWS Identity and Access Management (IAM) helps you securely control access to AWS resources. Administrators control who can be authenticated (signed in) and authorized (have permissions) to use AWS KMS resources. For more information, see Using IAM policies with AWS KMS.

Key policies are the primary mechanism for controlling access to KMS keys in AWS KMS. Every KMS key must have a key policy. You can also use IAM policies and grants, along with key policies, to control access to your KMS keys. For more information, see KMS key access and permissions.

If you are using an Amazon Virtual Private Cloud (Amazon VPC), you can create an interface VPC endpoint to AWS KMS powered by AWS PrivateLink. You can also use VPC endpoint policies to determine which principals can access your AWS KMS endpoint, which API calls they can make, and which KMS keys they can access.
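A VPC endpoint policy of the kind described above, shown as an added example that is not taken from this page. The account ID, role name, Region, and key ID are constructed placeholders. It restricts the endpoint to one principal, three cryptographic API calls, and a single KMS key.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PlaceholderRoleCryptoOnOneKey",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/ExampleAppRole"
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
    }
  ]
}
```

An endpoint policy only limits what can pass through the endpoint and does not grant permissions by itself: the key policy, IAM policies, or grants must still allow the same principal and actions. Requests through this endpoint that do not match the statement are denied.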
