kms:CreateKey

Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.

Policies (any)

Allow (Action)

Deny (Action)

NotAction

Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).

Action reference

SAR-style (unofficial)

Service: AWS Key Management Service

Access level

Write

Description

Controls permission to create an AWS KMS key that can be used to protect data keys and other sensitive information

Dependent actions

iam:CreateServiceLinkedRole
kms:PutKeyPolicy
kms:TagResource

Allow (Action)

AWSCloudTrail_FullAccess
AWSKeyManagementServicePowerUser
AmazonDataZoneProjectDeploymentPermissionsBoundary
SystemAdministrator

Deny (Action)

None

NotAction

None

Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.

Definitions bundle generated 4/7/2026, 3:29:24 AM