Method	Required permissions	Required for `AwsKmsKeyStoreOptions.scopingTags`
`AwsKmsKeyStore.list()`	`kms:ListKeys`	`kms:ListResourceTags`
`AwsKmsKeyStore.get()`	`kms:ListKeys`	`kms:ListResourceTags`
`AwsKmsKeyStore.generate()`	`kms:CreateKey`, `kms:GetPublicKey`	`kms:TagResource`
`AwsKmsKeyStore.delete()`	`kms:ScheduleKeyDeletion`
`AwsKmsAccount.sign()`¹	`kms:Sign`

Replace [NUMERIC_ROOT_ACCOUNT_ID] with your [12-digit root account ID][AWSId]:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:GetPublicKey",
        "kms:ScheduleKeyDeletion",
        "kms:DescribeKey",
        "kms:ListResourceTags",
        "kms:Sign",
        "kms:TagResource"
      ],
      "Resource": "arn:aws:kms:*:[NUMERIC_ROOT_ACCOUNT_ID]:key/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:ListKeys",
        "kms:CreateKey"
      ],
      "Resource": "*"
    }
  ]
}

Footnotes

An AwsKmsAccount instance can be obtained from AwsKmsKeyStore.get(). [AWSId]: https://docs.aws.amazon.com/signin/latest/userguide/FindingYourAWSId.html ↩

Keywords

libplanet

FAQs

What is @planetarium/account-aws-kms?

Is @planetarium/account-aws-kms popular?

Is @planetarium/account-aws-kms well maintained?

Package last updated on 17 Feb 2025

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install