AWS KMS Key Alias not working in IAM Policies

Date: March 10, 2023Author: Amal G Jose 0 Comments

We cannot use a KMS Key alias or alias ARN or Alias id to represent a KMS key in an IAM policy. This is because of a security reason as the alias can be attached to another key and this can result in privileged escalation.

So for usage in IAM policies, only use the KMS key arn instead of alias. You can find the details in the AWS IAM best practices documentation.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

All About Tech

Victory goes to the player who makes the next-to-last mistake

AWS KMS Key Alias not working in IAM Policies

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply