I would like to have ACM manage a TLS certificate that I upload in the console. However, the AWS role I am assuming can access KMS actions, but only from a certain set of IPv4 addresses. I will probably need to add an exception for a set of KMS actions, but I would rather not just put "*" in my policy.
Which set of KMS actions is the minimum required for what I need?
