AWS KMS permissions for Amazon SQS message encryption

Release notes API docsStructural Cloud Tonic.ai

Last updated 2 months ago

Was this helpful?

{
    "Sid": "Allow access for Amazon S3 Event Notifications to Amazon SQS",
    "Effect": "Allow",
    "Principal": {
        "Service": "s3.amazonaws.com"
    },
    "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
    ],
    "Resource": "*"
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "<ARN to AWS KMS key>"
        }
    ]
}