Posted On: Dec 17, 2020

Today, the Amazon Key Management Service (KMS) is announcing availability for attribute-based access control (ABAC) to allow the use of tags and aliases in policy conditions for IAM policies and Amazon KMS key policies. Attribute-based access control is an authorization strategy that defines permissions based on tags which can be attached to users and Amazon Web Services resources. KMS additionally supports the use of key aliases in policy conditions. 

Amazon KMS makes it easy for you to create and manage cryptographic keys and control their use across a wide range of Amazon Web Services services and in your applications. Amazon KMS is a secure and resilient service that uses hardware security modules to make encryption available as a high-TPS service. You can use the ABAC feature to control permission to use or manage cryptographic keys in KMS on the basis of the tags or aliases applied to the key. 
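The following IAM identity policy is an added illustration of ABAC for KMS keys, not text from this announcement. The tag key `Project` and the alias prefix `alias/example-finance-` are assumed names; the condition keys `aws:ResourceTag`, `aws:PrincipalTag` and `kms:ResourceAliases` are the ones IAM and KMS define for tag-based and alias-based conditions.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UseKeysTaggedWithCallersProject",
      "Effect": "Allow",
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Project": "${aws:PrincipalTag/Project}"
        }
      }
    },
    {
      "Sid": "DecryptWithKeysMatchingAliasPrefix",
      "Effect": "Allow",
      "Action": ["kms:Decrypt", "kms:DescribeKey"],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringLike": {
          "kms:ResourceAliases": "alias/example-finance-*"
        }
      }
    },
    {
      "Sid": "DenyChangingAttributesThatGrantAccess",
      "Effect": "Deny",
      "Action": [
        "kms:TagResource",
        "kms:UntagResource",
        "kms:CreateAlias",
        "kms:UpdateAlias",
        "kms:DeleteAlias"
      ],
      "Resource": "*"
    }
  ]
}
```

Once tags and aliases decide who can use a key, permission to tag a key or to move an alias is effectively permission to grant access, which is why the last statement denies those actions to the principals this policy is attached to. `kms:ResourceAliases` is a multi-valued condition key, so it needs a set operator such as `ForAnyValue`.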

For more information about attribute-based access control, please see the IAM user guide.

For more information on configuring ABAC with Amazon KMS, please see the KMS user guide.

ABAC for KMS is available in all classic KMS regions, Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.