Skip to content

fix 339 #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix 339 #71

wants to merge 1 commit into from

Conversation

goncalodasilva
Copy link
Contributor

S3 bucket policies control access to the S3 bucket and its objects, not to KMS keys. You cannot grant a bucket access to a KMS key through a bucket policy. The principal (EC2 instance/IAM role) needs access to the key, not the bucket itself.

KMS key policies are the primary way to control access to KMS keys, and to use IAM policies to control access to a KMS key, the key policy must give the account permission to use IAM policies

https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html https://docs.aws.amazon.com/kms/latest/developerguide/control-access.html

danieldanielecki
danieldanielecki requested changes Oct 9, 2025
View reviewed changes
Copy link
Member

@danieldanielecki danieldanielecki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mind to also fix the typo Amaon to be Amazon?

@goncalodasilva
Copy link
Contributor Author

Do you mind to also fix the typo Amaon to be Amazon?

Done

@goncalodasilva
fix 339
783d66a 
S3 bucket policies control access to the S3 bucket and its objects, not to KMS keys. You cannot grant a bucket access to a KMS key through a bucket policy. The principal (EC2 instance/IAM role) needs access to the key, not the bucket itself.

KMS key policies are the primary way to control access to KMS keys, and to use IAM policies to control access to a KMS key, the key policy must give the account permission to use IAM policies

https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html
https://docs.aws.amazon.com/kms/latest/developerguide/control-access.html
@danieldanielecki
Copy link
Member

Do you mind to also fix the typo Amaon to be Amazon?

Done

and in the table of contents? :(

danieldanielecki
danieldanielecki requested changes Oct 20, 2025
View reviewed changes
Copy link
Member

@danieldanielecki danieldanielecki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in the table of contents, as well, please!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danieldanielecki danieldanielecki danieldanielecki requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@goncalodasilva @danieldanielecki