I created KMS key by using KMS client (PHP).
`new KmsClient([
'credentials' => [
'key' => $awsKey,
'secret' => $awsSecret,
],
'version' => 'latest',
'region' => 'us-east-1',
]);`
Now I want to share this key with some other users. I have their Account IDs,
How can I do that, by using RDS api?
Nothing works. I'm also unable to find any examples in GitHub examples.
You need to create a policy to give permission to another account access it. Check here for more details. 444455556666
is other account's id.
{
"Sid": "Allow an external account to use this KMS key",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::444455556666:root"
]
},
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.