Missing KMS-CMK S3 condition key: CreateBucket
Currently, the available IAM condition keys for the CreateBucket action are as follows:
s3:x-amz-grant-read-acp
s3:TlsVersion
s3:signatureAge
s3:locationconstraint
s3:x-amz-grant-full-control
s3:x-amz-grant-write
s3:x-amz-content-sha256
s3:x-amz-grant-write-acp
s3:x-amz-object-ownership
s3:x-amz-grant-read
s3:authType
s3:ResourceAccount
s3:x-amz-acl
s3:signatureversion
As far as I can tell, none of those do what I'm trying to do, which is enforcing a policy that denies the action of creating a bucket with the specified parameters below (i.e. user must select the KMS-CMK option):
Indeed, one has the option of doing a similar action when putting a new object in a bucket, but that's not what I'm attempting to do here. Do I need to just stick with regulating how objects are written to S3 instead of governing how an S3 bucket is initially configured in terms of KMS-CMK?
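The object-level control the question mentions, as an added example that is not part of the original post: an identity-based IAM policy that denies `s3:PutObject` unless the request asks for SSE-KMS with one specific customer managed key. The bucket name and key ARN are placeholders, and the `Sid` values are made up for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyPutWithoutSseKms",
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        }
      }
    },
    {
      "Sid": "ExampleDenyPutWithOtherKmsKey",
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:REGION:ACCOUNT-ID:key/KEY-ID"
        }
      }
    }
  ]
}
```

Negated string operators also match when the condition key is absent from the request, so both statements deny uploads that omit the encryption headers, including uploads that would otherwise rely on the bucket's default encryption. The two checks sit in separate statements because multiple keys under one operator are ANDed, which would deny only when both mismatch.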
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow

