I am using Cognito to get temporary credentials for authorizing the encrypt() operation of the AWS KMS service. In my IAM role policy, I have specified authorization for the encrypt operation on a specific KeyID and for the ListKeys operation on all resources. Still, I am getting an Access Denied Exception with the error that Cognito is not authorized to perform the operation List Keys. However, when I specify the KeyId in the code and encrypt using it, I am able to do so. How is it possible that I am able to do the encrypt operation but not ListKeys?

- Did you check what specific action is denied? You can see it in the error and the Cognito assumed role as well. – Edcel Cabrera Vista May 05 '20 at 04:30
- Cognito is not authorized to perform the operation List Keys on resource * – Anit Aggarwal May 05 '20 at 10:22