How can I resolve the CMK key policy error "Policy contains a statement with one or more invalid principals"?
Last updated: 2020-12-29
When I try to modify my AWS Key Management Service (AWS KMS) customer master key (CMK) key policy, the AWS Management Console displays the error "Policy contains a statement with one or more invalid principals".
When you create AWS Identity and Access Management (IAM) identities, you give them friendly names, such as Bob or Developers. IAM entities are identified by their friendly names and ARNs. For security purposes, each IAM entity is also assigned a unique ID when it is created, such as AIDACKCEVSQ6C2EXAMPLE. The unique ID never changes and is never reused for another entity.
For example, you have an IAM user named Alice specified in an AWS KMS key policy, and Alice leaves the company. Then, a new user named Alice is hired, and an IAM user is created with the same name. Unique IDs assure that the new Alice can't inherit permissions that were granted to the old Alice: when the old Alice's IAM user is deleted, AWS replaces her ARN in the key policy with her unique ID, so the policy now names a principal that no longer exists, and the console reports "Policy contains a statement with one or more invalid principals" the next time you try to save it.
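The following is an added example, not code from the original article or from AWS: it parses a key policy document and reports every `Principal.AWS` entry that is an orphaned unique ID rather than a resolvable ARN, then produces a cleaned copy with those principals removed. The sample policy is constructed for the example (the account ID and unique IDs are placeholders), and the detection rule is an assumption for illustration: anything in `Principal.AWS` that is not `*`, a 12-digit account ID, or an `arn:` value, and that has the shape of an IAM user (`AIDA...`) or role (`AROA...`) unique ID, is treated as a principal that no longer resolves. In practice you would fetch the document with `aws kms get-key-policy`, run it through `find_unresolved_principals`, and push the cleaned result back with `aws kms put-key-policy`.

```python
from __future__ import annotations

import json
import re

# Assumption for this example: an orphaned principal is an IAM unique ID
# (AIDA = IAM user, AROA = IAM role) left behind after the entity was deleted.
UNIQUE_ID_RE = re.compile(r"^A(?:IDA|ROA)[A-Z0-9]{16,}$")
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def is_unresolved_principal(value: str) -> bool:
    """True if a Principal.AWS value looks like an orphaned unique ID."""
    if value == "*" or ACCOUNT_ID_RE.match(value) or value.startswith("arn:"):
        return False
    return bool(UNIQUE_ID_RE.match(value))


def _aws_principals(statement: dict) -> list:
    """Normalise Principal.AWS (string or list) to a list; "*" or absent -> []."""
    principal = statement.get("Principal")
    if not isinstance(principal, dict):
        return []
    aws = principal.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)


def find_unresolved_principals(policy: dict) -> list:
    """Return (Sid, principal) pairs for every principal that no longer resolves."""
    found = []
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        for p in _aws_principals(stmt):
            if is_unresolved_principal(p):
                found.append((sid, p))
    return found


def strip_unresolved_principals(policy: dict) -> dict:
    """Return a deep copy of the policy with orphaned principals removed.

    A statement whose only principals were orphaned is dropped entirely, since
    it would otherwise grant nothing and still fail validation.
    """
    cleaned = json.loads(json.dumps(policy))  # deep copy; input is left untouched
    kept = []
    for stmt in cleaned.get("Statement", []):
        principal = stmt.get("Principal")
        if isinstance(principal, dict) and "AWS" in principal:
            remaining = [p for p in _aws_principals(stmt) if not is_unresolved_principal(p)]
            if not remaining:
                if len(principal) == 1:
                    continue  # AWS was the only principal key: nothing left to grant to
                del principal["AWS"]  # keep e.g. a Service principal in the same statement
            else:
                principal["AWS"] = remaining if len(remaining) > 1 else remaining[0]
        kept.append(stmt)
    cleaned["Statement"] = kept
    return cleaned


# Constructed sample key policy (placeholder account ID and unique IDs).
# "AIDACKCEVSQ6C2EXAMPLE" stands in for Alice's ARN after her user was deleted;
# "AROADBQP57FF2AEXAMPLE" stands in for a role that was deleted.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Id": "key-consolepolicy-3",
    "Statement": [
        {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "Allow use of the key", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:user/bob",
                               "AIDACKCEVSQ6C2EXAMPLE"]},
         "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
        {"Sid": "Allow key administration", "Effect": "Allow",
         "Principal": {"AWS": "AROADBQP57FF2AEXAMPLE"},
         "Action": ["kms:Create*", "kms:Describe*"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for sid, principal in find_unresolved_principals(SAMPLE_POLICY):
        print(f"statement {sid!r}: unresolved principal {principal}")
    print(json.dumps(strip_unresolved_principals(SAMPLE_POLICY), indent=2))
```

Review the cleaned document before applying it: removing an orphaned principal is the right fix when the entity is gone for good, but if the statement was meant to keep granting access, re-add the replacement user's or role's ARN explicitly rather than relying on the old name.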