Skip to main content

Troubleshoot KMS Key Policies

Hands-On Lab


Photo of

Training Architect





In this hands-on lab, you will work with the AWS Key Management Service (KMS) to define a policy that restricts access to encrypted objects in S3 buckets. When working with S3, we already know we can apply a bucket policy that can restrict object access to specific users or groups. However, when working with encrypted objects in S3, we can use the encryption key's policy to restrict access as well. Note: Keys are now managed in KMS instead of in IAM.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.