In AWS’ KMS What Is the Difference between Administrative Permissions and Usage Permissions of a CMK?

A CMK is an encryption key. In Amazon Web Services, for CMKs (Customer Master Keys) in KMS (Key Management Service), what is the difference between administrative permissions and key usage permissions?

Usage permissions enable (either IAM users or roles) to encrypt and decrypt data with the AWS KMS API.

Administrative permissions for a CMK allows either an IAM user or role to give usage permissions to other IAM users or roles through the API (and sometimes the web console).

Leave a comment

Your email address will not be published. Required fields are marked *