AWS Key Management Service

2024/03/18 - AWS Key Management Service - 1 updated api methods

Changes  Adds the ability to use the default policy name by omitting the policyName parameter in calls to PutKeyPolicy and GetKeyPolicy

GetKeyPolicy (updated) Link ΒΆ
Changes (response)
{'PolicyName': 'string'}

Gets a key policy attached to the specified KMS key.

Cross-account use : No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions : kms:GetKeyPolicy (key policy)

Related operations : PutKeyPolicy

Eventual consistency : The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency .

See also: AWS API Documentation

Request Syntax

type KeyId


param KeyId


Gets the key policy for the specified KMS key.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey .

type PolicyName


param PolicyName

Specifies the name of the key policy. If no policy name is specified, the default value is default . The only valid name is default . To get the names of key policies, use ListKeyPolicies .




Response Syntax

    'Policy': 'string',
    'PolicyName': 'string'

Response Structure

  • (dict) --

    • Policy (string) --

      A key policy document in JSON format.

    • PolicyName (string) --

      The name of the key policy. The only valid value is default .