AWS Key Management Service

2024/03/18 - AWS Key Management Service - 1 updated api methods

Changes  Adds the ability to use the default policy name by omitting the policyName parameter in calls to PutKeyPolicy and GetKeyPolicy

GetKeyPolicy (updated)
Changes (response)
{'PolicyName': 'string'}

Gets a key policy attached to the specified KMS key.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:GetKeyPolicy (key policy)

Related operations: PutKeyPolicy

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

See also: AWS API Documentation

Request Syntax

client.get_key_policy(
    KeyId='string',
    PolicyName='string'
)
type KeyId

string

param KeyId

[REQUIRED]

Gets the key policy for the specified KMS key.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

type PolicyName

string

param PolicyName

Specifies the name of the key policy. If no policy name is specified, the default value is default. The only valid name is default. To get the names of key policies, use ListKeyPolicies.

rtype

dict

returns

Response Syntax

{
    'Policy': 'string',
    'PolicyName': 'string'
}

Response Structure

  • (dict) --

    • Policy (string) --

      A key policy document in JSON format.

    • PolicyName (string) --

      The name of the key policy. The only valid value is default.
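
Added example (not part of the AWS documentation): a key-policy audit that calls get_key_policy without PolicyName, as this change allows, reads PolicyName from the response, and flags Allow statements open to every principal with no Condition. The function names, the StubKMS class and the policy it returns are constructed for illustration; pass boto3.client("kms") in place of the stub to run it against a real account.

```python
import json

def wildcard_allow_statements(policy_doc):
    """Return Sids of Allow statements granted to every principal with no Condition."""
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    flagged = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        values = aws if isinstance(aws, list) else [aws]
        if "*" in values:
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged

def audit_key_policy(client, key_id):
    # PolicyName is omitted from the request; the service uses "default".
    resp = client.get_key_policy(KeyId=key_id)
    name = resp.get("PolicyName", "default")  # older SDK models lack the field
    return name, wildcard_allow_statements(json.loads(resp["Policy"]))

class StubKMS:
    """Constructed stand-in for boto3.client("kms"); returns a constructed policy."""
    def get_key_policy(self, KeyId, PolicyName="default"):
        policy = {"Version": "2012-10-17", "Statement": [
            {"Sid": "EnableRoot", "Effect": "Allow", "Action": "kms:*", "Resource": "*",
             "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
            {"Sid": "OpenDecrypt", "Effect": "Allow", "Action": "kms:Decrypt",
             "Resource": "*", "Principal": {"AWS": "*"}},
            {"Sid": "ScopedWildcard", "Effect": "Allow", "Action": "kms:Encrypt",
             "Resource": "*", "Principal": "*",
             "Condition": {"StringEquals": {"kms:CallerAccount": "111122223333"}}},
        ]}
        return {"Policy": json.dumps(policy), "PolicyName": PolicyName}

if __name__ == "__main__":
    print(audit_key_policy(StubKMS(), "1234abcd-12ab-34cd-56ef-1234567890ab"))
```

A statement with a wildcard principal and a Condition is not flagged here; whether that Condition actually narrows access still needs review.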