|
|
|
|
|
|
by RKearney
1640 days ago
|
|
|
Yes but this role did not add the necessary privileges for it to use customer KMS keys. You can’t get an S3 object that’s encrypted with a KMS key if you don’t also have permission to decrypt with that key. Of course Amazon could just give themselves access to decrypt with your KMS keys too, but that didn’t happen here. |
|
|