{"slug":"iam-aws-kms","cloud":"aws","service":"kms","title":"AWS KMS (IAM)","description":"AWS Key Management Service (KMS) is a managed service for creating and controlling encryption keys used to protect data across AWS services and applications.","category":"security","common_permissions":["kms:ListKeys","kms:DescribeKey","kms:ListAliases","kms:CreateKey","kms:CreateAlias","kms:TagResource","kms:GetKeyPolicy","kms:ListResourceTags"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"kms:ListKeys\",\n        \"kms:DescribeKey\",\n        \"kms:ListAliases\",\n        \"kms:CreateKey\",\n        \"kms:CreateAlias\",\n        \"kms:TagResource\",\n        \"kms:GetKeyPolicy\",\n        \"kms:ListResourceTags\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid kms:* — grants full control including key deletion and policy modification","Avoid kms:PutKeyPolicy unless needed — can change key permissions and lock out users"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/kms/kms.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:48:55.212Z","updated_at":"2026-06-14T04:48:55.212Z"}