Troubleshoot KMS Key Policies
In this hands-on lab, you will work with the AWS Key Management Service (KMS) to define a policy that restricts access to encrypted objects in S3 buckets. When working with S3, we already know we can apply a bucket policy that can restrict object access to specific users or groups. However, when working with encrypted objects in S3, we can use the encryption key's policy to restrict access as well. Note: Keys are now managed in KMS instead of in IAM.