Attribute-Based Access Control (ABAC) for the AWS Key Management Service

Posted on: Dec 17, 2020

Today, the AWS Key Management Service (KMS) is announcing availability of attribute-based access control (ABAC), which allows the use of tags and aliases in policy conditions for IAM policies and AWS KMS key policies. Attribute-based access control is an authorization strategy that defines permissions based on tags that can be attached to users and AWS resources. KMS additionally supports the use of key aliases in policy conditions.

AWS KMS makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2. You can use the ABAC feature to control permission to use or manage cryptographic keys in KMS on the basis of the tags or aliases applied to the key.
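As an added illustration (not part of the original announcement), the IAM identity-based policy below grants cryptographic use of KMS keys on the basis of a tag and, separately, an alias, using the `aws:ResourceTag/tag-key` and `kms:ResourceAliases` condition keys that ABAC for KMS introduces. The account ID is the AWS documentation placeholder, and the `Project=alpha` tag and `alias/alpha-*` naming convention are constructed assumptions for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UseKeysTaggedForProjectAlpha",
      "Effect": "Allow",
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey*"
      ],
      "Resource": "arn:aws:kms:us-east-1:111122223333:key/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Project": "alpha"
        }
      }
    },
    {
      "Sid": "UseKeysWithAlphaAlias",
      "Effect": "Allow",
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey*"
      ],
      "Resource": "arn:aws:kms:us-east-1:111122223333:key/*",
      "Condition": {
        "ForAnyValue:StringLike": {
          "kms:ResourceAliases": "alias/alpha-*"
        }
      }
    }
  ]
}
```

Because a key can carry several aliases, `kms:ResourceAliases` is multivalued and must be matched with a `ForAnyValue` or `ForAllValues` set operator. Once tags and aliases grant access, `kms:TagResource`, `kms:UntagResource`, `kms:CreateAlias`, `kms:UpdateAlias` and `kms:DeleteAlias` become permission-changing operations and should be restricted to key administrators.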

For more information about attribute-based access control, please see the IAM user guide.

For more information on configuring ABAC with AWS KMS, please see the KMS user guide.