本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWS Key Management Service 的動作、資源和條件索引鍵
AWS Key Management Service (服務字首:`kms`) 提供下列服務特有的資源、動作和條件內容金鑰,可用於 IAM 許可政策。
參考資料:
+ 了解如何[設定此服務](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html)。
+ 檢視[可供此服務使用的 API 操作](https://docs.aws.amazon.com/kms/latest/APIReference/)清單。
+ 了解如何[使用 IAM](https://docs.aws.amazon.com/kms/latest/developerguide/control-access.html) 許可政策來保護此服務及其資源。
**Topics**
+ [AWS Key Management Service 定義的動作](#awskeymanagementservice-actions-as-permissions)
+ [AWS Key Management Service 定義的資源類型](#awskeymanagementservice-resources-for-iam-policies)
+ [AWS Key Management Service 的條件索引鍵](#awskeymanagementservice-policy-keys)
## AWS Key Management Service 定義的動作
您可在 IAM 政策陳述式的 `Action` 元素中指定以下動作。使用政策來授予在 AWS中執行操作的許可。在政策中使用動作時,通常會允許或拒絕存取相同名稱的 API 操作或 CLI 命令。不過,在某些情況下,單一動作可控制對多個操作的存取。或者,某些操作需要多種不同的動作。
動作資料表的**存取層級**欄說明動作的分類方式 (列出、讀取、許可管理或標記)。此分類可協助您了解在政策中使用某動作時,該動作授予您的存取層級。如需存取層級的詳細資訊,請參閱[政策摘要中的存取層級](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html)。
「動作」資料表的**資源類型**欄會指出每個動作是否支援資源層級的許可。如果此欄沒有值,您必須在政策陳述式的 `Resource` 元素中指定政策適用的所有資源 ("\*")。如果資料欄包含資源類型,則您可以在具有該動作的陳述式中指定該類型的 ARN。如果動作具有一或多個必要資源,呼叫者必須具有對這些資源使用動作的許可。表格中的必要資源會以星號 (\*) 表示。如果您使用 IAM 政策中的 `Resource` 元素限制資源存取,則每種必要的資源類型必須要有 ARN 或模式。某些動作支援多種資源類型。如果資源類型是選用 (未顯示為必要),則您可以選擇使用其中一種選用資源類型。
「動作」資料表的**條件索引鍵**欄包含您可以在政策陳述式的 `Condition` 元素中指定的索引鍵。如需有關與服務資源相關聯之條件索引鍵的詳細資訊,請參閱「資源類型」資料表的**條件索引鍵**欄。
動作資料表的**相依動作**欄會顯示成功呼叫動作所需的其他許可。除了 動作本身的許可之外,還可能需要這些許可。當動作指定相依動作時,這些相依性可能適用於針對該動作定義的其他資源,而不只是資料表中列出的第一個資源。
**注意**
資源條件索引鍵會列在[資源類型](#awskeymanagementservice-resources-for-iam-policies)資料表中。您可以在「動作」資料表的**資源類型 (\*必填) **欄中找到適用於動作的資源類型連結。「資源類型」資料表中的資源類型包括**條件索引鍵**欄,其中包含套用至「動作」資料表中動作的資源條件索引鍵。
如需下表各欄的詳細資訊,請參閱[動作資料表](reference_policies_actions-resources-contextkeys.html#actions_table)。
****
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html) **
- **描述:** 控制取消 KMS AWS 金鑰排程刪除的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ConnectCustomKeyStore.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ConnectCustomKeyStore.html) **
- **描述:** 控制在 外部將自訂金鑰存放區連線至其關聯的 AWS CloudHSM 叢集或外部金鑰管理器的許可 AWS
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateAlias.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateAlias.html) **
- **描述:** 控制為 AWS KMS 金鑰建立別名的許可。別名是選用的易記名稱,可以與 KMS 金鑰建立關聯
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-alias](#awskeymanagementservice-alias) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html) **
- **描述:** 控制建立由 AWS CloudHSM 叢集或 外部金鑰管理器支援的自訂金鑰存放區的許可 AWS
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
- **相依動作:** cloudhsm:DescribeClusters
ec2:DescribeVpcEndpointServices
iam:CreateServiceLinkedRole
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) **
- **描述:** 控制將授予新增至 AWS KMS 金鑰的許可。您可以使用准許來新增許可,而無需變更金鑰政策或 IAM 政策
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_GrantConstraintType](#awskeymanagementservice-kms_GrantConstraintType)
[#awskeymanagementservice-kms_GranteePrincipal](#awskeymanagementservice-kms_GranteePrincipal)
[#awskeymanagementservice-kms_GrantIsForAWSResource](#awskeymanagementservice-kms_GrantIsForAWSResource)
[#awskeymanagementservice-kms_GrantOperations](#awskeymanagementservice-kms_GrantOperations)
[#awskeymanagementservice-kms_RetiringPrincipal](#awskeymanagementservice-kms_RetiringPrincipal)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html) **
- **描述:** 控制建立 AWS KMS 金鑰的許可,可用於保護資料金鑰和其他敏感資訊
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-aws_ResourceTag___TagKey_](#awskeymanagementservice-aws_ResourceTag___TagKey_)
[#awskeymanagementservice-aws_RequestTag___TagKey_](#awskeymanagementservice-aws_RequestTag___TagKey_)
[#awskeymanagementservice-aws_TagKeys](#awskeymanagementservice-aws_TagKeys)
[#awskeymanagementservice-kms_BypassPolicyLockoutSafetyCheck](#awskeymanagementservice-kms_BypassPolicyLockoutSafetyCheck)
[#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_KeySpec](#awskeymanagementservice-kms_KeySpec)
[#awskeymanagementservice-kms_KeyUsage](#awskeymanagementservice-kms_KeyUsage)
[#awskeymanagementservice-kms_KeyOrigin](#awskeymanagementservice-kms_KeyOrigin)
[#awskeymanagementservice-kms_MultiRegion](#awskeymanagementservice-kms_MultiRegion)
[#awskeymanagementservice-kms_MultiRegionKeyType](#awskeymanagementservice-kms_MultiRegionKeyType)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService)
- **相依動作:** iam:CreateServiceLinkedRole
kms:PutKeyPolicy
kms:TagResource
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) **
- **描述:** 控制解密以 AWS KMS 金鑰加密之加密文字的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_RecipientAttestation_ImageSha384](#awskeymanagementservice-kms_RecipientAttestation_ImageSha384)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR0](#awskeymanagementservice-kms_RecipientAttestation_PCR0)
[#awskeymanagementservice-kms_RecipientAttestation_PCR1](#awskeymanagementservice-kms_RecipientAttestation_PCR1)
[#awskeymanagementservice-kms_RecipientAttestation_PCR2](#awskeymanagementservice-kms_RecipientAttestation_PCR2)
[#awskeymanagementservice-kms_RecipientAttestation_PCR3](#awskeymanagementservice-kms_RecipientAttestation_PCR3)
[#awskeymanagementservice-kms_RecipientAttestation_PCR4](#awskeymanagementservice-kms_RecipientAttestation_PCR4)
[#awskeymanagementservice-kms_RecipientAttestation_PCR5](#awskeymanagementservice-kms_RecipientAttestation_PCR5)
[#awskeymanagementservice-kms_RecipientAttestation_PCR6](#awskeymanagementservice-kms_RecipientAttestation_PCR6)
[#awskeymanagementservice-kms_RecipientAttestation_PCR7](#awskeymanagementservice-kms_RecipientAttestation_PCR7)
[#awskeymanagementservice-kms_RecipientAttestation_PCR8](#awskeymanagementservice-kms_RecipientAttestation_PCR8)
[#awskeymanagementservice-kms_RecipientAttestation_PCR9](#awskeymanagementservice-kms_RecipientAttestation_PCR9)
[#awskeymanagementservice-kms_RecipientAttestation_PCR10](#awskeymanagementservice-kms_RecipientAttestation_PCR10)
[#awskeymanagementservice-kms_RecipientAttestation_PCR11](#awskeymanagementservice-kms_RecipientAttestation_PCR11)
[#awskeymanagementservice-kms_RecipientAttestation_PCR12](#awskeymanagementservice-kms_RecipientAttestation_PCR12)
[#awskeymanagementservice-kms_RecipientAttestation_PCR13](#awskeymanagementservice-kms_RecipientAttestation_PCR13)
[#awskeymanagementservice-kms_RecipientAttestation_PCR14](#awskeymanagementservice-kms_RecipientAttestation_PCR14)
[#awskeymanagementservice-kms_RecipientAttestation_PCR15](#awskeymanagementservice-kms_RecipientAttestation_PCR15)
[#awskeymanagementservice-kms_RecipientAttestation_PCR16](#awskeymanagementservice-kms_RecipientAttestation_PCR16)
[#awskeymanagementservice-kms_RecipientAttestation_PCR17](#awskeymanagementservice-kms_RecipientAttestation_PCR17)
[#awskeymanagementservice-kms_RecipientAttestation_PCR18](#awskeymanagementservice-kms_RecipientAttestation_PCR18)
[#awskeymanagementservice-kms_RecipientAttestation_PCR19](#awskeymanagementservice-kms_RecipientAttestation_PCR19)
[#awskeymanagementservice-kms_RecipientAttestation_PCR20](#awskeymanagementservice-kms_RecipientAttestation_PCR20)
[#awskeymanagementservice-kms_RecipientAttestation_PCR21](#awskeymanagementservice-kms_RecipientAttestation_PCR21)
[#awskeymanagementservice-kms_RecipientAttestation_PCR22](#awskeymanagementservice-kms_RecipientAttestation_PCR22)
[#awskeymanagementservice-kms_RecipientAttestation_PCR23](#awskeymanagementservice-kms_RecipientAttestation_PCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR24](#awskeymanagementservice-kms_RecipientAttestation_PCR24)
[#awskeymanagementservice-kms_RecipientAttestation_PCR25](#awskeymanagementservice-kms_RecipientAttestation_PCR25)
[#awskeymanagementservice-kms_RecipientAttestation_PCR26](#awskeymanagementservice-kms_RecipientAttestation_PCR26)
[#awskeymanagementservice-kms_RecipientAttestation_PCR27](#awskeymanagementservice-kms_RecipientAttestation_PCR27)
[#awskeymanagementservice-kms_RecipientAttestation_PCR28](#awskeymanagementservice-kms_RecipientAttestation_PCR28)
[#awskeymanagementservice-kms_RecipientAttestation_PCR29](#awskeymanagementservice-kms_RecipientAttestation_PCR29)
[#awskeymanagementservice-kms_RecipientAttestation_PCR30](#awskeymanagementservice-kms_RecipientAttestation_PCR30)
[#awskeymanagementservice-kms_RecipientAttestation_PCR31](#awskeymanagementservice-kms_RecipientAttestation_PCR31)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DeleteAlias.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DeleteAlias.html) **
- **描述:** 控制准許刪除別名。別名是您可以與 AWS KMS 金鑰建立關聯的選用易記名稱
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-alias](#awskeymanagementservice-alias) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DeleteCustomKeyStore.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DeleteCustomKeyStore.html) **
- **描述:** 控制准許刪除自訂金鑰存放區
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DeleteImportedKeyMaterial.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DeleteImportedKeyMaterial.html) **
- **描述:** 控制刪除您匯入 AWS KMS 金鑰之密碼編譯資料的許可。這個動作會使金鑰變成無用
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DeriveSharedSecret.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DeriveSharedSecret.html) **
- **描述:** 控制使用指定 AWS KMS 金鑰衍生共用秘密的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_KeyAgreementAlgorithm](#awskeymanagementservice-kms_KeyAgreementAlgorithm)
[#awskeymanagementservice-kms_RecipientAttestation_ImageSha384](#awskeymanagementservice-kms_RecipientAttestation_ImageSha384)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR0](#awskeymanagementservice-kms_RecipientAttestation_PCR0)
[#awskeymanagementservice-kms_RecipientAttestation_PCR1](#awskeymanagementservice-kms_RecipientAttestation_PCR1)
[#awskeymanagementservice-kms_RecipientAttestation_PCR2](#awskeymanagementservice-kms_RecipientAttestation_PCR2)
[#awskeymanagementservice-kms_RecipientAttestation_PCR3](#awskeymanagementservice-kms_RecipientAttestation_PCR3)
[#awskeymanagementservice-kms_RecipientAttestation_PCR4](#awskeymanagementservice-kms_RecipientAttestation_PCR4)
[#awskeymanagementservice-kms_RecipientAttestation_PCR5](#awskeymanagementservice-kms_RecipientAttestation_PCR5)
[#awskeymanagementservice-kms_RecipientAttestation_PCR6](#awskeymanagementservice-kms_RecipientAttestation_PCR6)
[#awskeymanagementservice-kms_RecipientAttestation_PCR7](#awskeymanagementservice-kms_RecipientAttestation_PCR7)
[#awskeymanagementservice-kms_RecipientAttestation_PCR8](#awskeymanagementservice-kms_RecipientAttestation_PCR8)
[#awskeymanagementservice-kms_RecipientAttestation_PCR9](#awskeymanagementservice-kms_RecipientAttestation_PCR9)
[#awskeymanagementservice-kms_RecipientAttestation_PCR10](#awskeymanagementservice-kms_RecipientAttestation_PCR10)
[#awskeymanagementservice-kms_RecipientAttestation_PCR11](#awskeymanagementservice-kms_RecipientAttestation_PCR11)
[#awskeymanagementservice-kms_RecipientAttestation_PCR12](#awskeymanagementservice-kms_RecipientAttestation_PCR12)
[#awskeymanagementservice-kms_RecipientAttestation_PCR13](#awskeymanagementservice-kms_RecipientAttestation_PCR13)
[#awskeymanagementservice-kms_RecipientAttestation_PCR14](#awskeymanagementservice-kms_RecipientAttestation_PCR14)
[#awskeymanagementservice-kms_RecipientAttestation_PCR15](#awskeymanagementservice-kms_RecipientAttestation_PCR15)
[#awskeymanagementservice-kms_RecipientAttestation_PCR16](#awskeymanagementservice-kms_RecipientAttestation_PCR16)
[#awskeymanagementservice-kms_RecipientAttestation_PCR17](#awskeymanagementservice-kms_RecipientAttestation_PCR17)
[#awskeymanagementservice-kms_RecipientAttestation_PCR18](#awskeymanagementservice-kms_RecipientAttestation_PCR18)
[#awskeymanagementservice-kms_RecipientAttestation_PCR19](#awskeymanagementservice-kms_RecipientAttestation_PCR19)
[#awskeymanagementservice-kms_RecipientAttestation_PCR20](#awskeymanagementservice-kms_RecipientAttestation_PCR20)
[#awskeymanagementservice-kms_RecipientAttestation_PCR21](#awskeymanagementservice-kms_RecipientAttestation_PCR21)
[#awskeymanagementservice-kms_RecipientAttestation_PCR22](#awskeymanagementservice-kms_RecipientAttestation_PCR22)
[#awskeymanagementservice-kms_RecipientAttestation_PCR23](#awskeymanagementservice-kms_RecipientAttestation_PCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR24](#awskeymanagementservice-kms_RecipientAttestation_PCR24)
[#awskeymanagementservice-kms_RecipientAttestation_PCR25](#awskeymanagementservice-kms_RecipientAttestation_PCR25)
[#awskeymanagementservice-kms_RecipientAttestation_PCR26](#awskeymanagementservice-kms_RecipientAttestation_PCR26)
[#awskeymanagementservice-kms_RecipientAttestation_PCR27](#awskeymanagementservice-kms_RecipientAttestation_PCR27)
[#awskeymanagementservice-kms_RecipientAttestation_PCR28](#awskeymanagementservice-kms_RecipientAttestation_PCR28)
[#awskeymanagementservice-kms_RecipientAttestation_PCR29](#awskeymanagementservice-kms_RecipientAttestation_PCR29)
[#awskeymanagementservice-kms_RecipientAttestation_PCR30](#awskeymanagementservice-kms_RecipientAttestation_PCR30)
[#awskeymanagementservice-kms_RecipientAttestation_PCR31](#awskeymanagementservice-kms_RecipientAttestation_PCR31)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeCustomKeyStores.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeCustomKeyStores.html) **
- **描述:** 控制准許檢視帳戶和區域中的自訂金鑰存放區的詳細資訊
- **存取層級:** 讀取
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) **
- **描述:** 控制檢視 AWS KMS 金鑰詳細資訊的許可
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html) **
- **描述:** 控制停用 AWS KMS 金鑰的許可,以防止其用於密碼編譯操作
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_TrailingDaysWithoutKeyUsage](#awskeymanagementservice-kms_TrailingDaysWithoutKeyUsage)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKeyRotation.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKeyRotation.html) **
- **描述:** 控制停用客戶受管 AWS KMS 金鑰自動輪換的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_DisconnectCustomKeyStore.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisconnectCustomKeyStore.html) **
- **描述:** 控制許可,以中斷自訂金鑰存放區與其關聯 AWS CloudHSM 叢集或外部金鑰管理器的連線 AWS
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html) **
- **描述:** 控制將 AWS KMS 金鑰狀態變更為已啟用的許可。這可讓 KMS 金鑰用於密碼編譯操作
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKeyRotation.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKeyRotation.html) **
- **描述:** 控制在 AWS KMS 金鑰中啟用密碼編譯資料自動輪換的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_RotationPeriodInDays](#awskeymanagementservice-kms_RotationPeriodInDays)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) **
- **描述:** 控制使用指定的 AWS KMS 金鑰來加密資料和資料金鑰的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html) **
- **描述:** 控制使用 AWS KMS 金鑰產生資料金鑰的許可。您可以使用資料金鑰來加密 AWS KMS 外部的資料
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_RecipientAttestation_ImageSha384](#awskeymanagementservice-kms_RecipientAttestation_ImageSha384)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR0](#awskeymanagementservice-kms_RecipientAttestation_PCR0)
[#awskeymanagementservice-kms_RecipientAttestation_PCR1](#awskeymanagementservice-kms_RecipientAttestation_PCR1)
[#awskeymanagementservice-kms_RecipientAttestation_PCR2](#awskeymanagementservice-kms_RecipientAttestation_PCR2)
[#awskeymanagementservice-kms_RecipientAttestation_PCR3](#awskeymanagementservice-kms_RecipientAttestation_PCR3)
[#awskeymanagementservice-kms_RecipientAttestation_PCR4](#awskeymanagementservice-kms_RecipientAttestation_PCR4)
[#awskeymanagementservice-kms_RecipientAttestation_PCR5](#awskeymanagementservice-kms_RecipientAttestation_PCR5)
[#awskeymanagementservice-kms_RecipientAttestation_PCR6](#awskeymanagementservice-kms_RecipientAttestation_PCR6)
[#awskeymanagementservice-kms_RecipientAttestation_PCR7](#awskeymanagementservice-kms_RecipientAttestation_PCR7)
[#awskeymanagementservice-kms_RecipientAttestation_PCR8](#awskeymanagementservice-kms_RecipientAttestation_PCR8)
[#awskeymanagementservice-kms_RecipientAttestation_PCR9](#awskeymanagementservice-kms_RecipientAttestation_PCR9)
[#awskeymanagementservice-kms_RecipientAttestation_PCR10](#awskeymanagementservice-kms_RecipientAttestation_PCR10)
[#awskeymanagementservice-kms_RecipientAttestation_PCR11](#awskeymanagementservice-kms_RecipientAttestation_PCR11)
[#awskeymanagementservice-kms_RecipientAttestation_PCR12](#awskeymanagementservice-kms_RecipientAttestation_PCR12)
[#awskeymanagementservice-kms_RecipientAttestation_PCR13](#awskeymanagementservice-kms_RecipientAttestation_PCR13)
[#awskeymanagementservice-kms_RecipientAttestation_PCR14](#awskeymanagementservice-kms_RecipientAttestation_PCR14)
[#awskeymanagementservice-kms_RecipientAttestation_PCR15](#awskeymanagementservice-kms_RecipientAttestation_PCR15)
[#awskeymanagementservice-kms_RecipientAttestation_PCR16](#awskeymanagementservice-kms_RecipientAttestation_PCR16)
[#awskeymanagementservice-kms_RecipientAttestation_PCR17](#awskeymanagementservice-kms_RecipientAttestation_PCR17)
[#awskeymanagementservice-kms_RecipientAttestation_PCR18](#awskeymanagementservice-kms_RecipientAttestation_PCR18)
[#awskeymanagementservice-kms_RecipientAttestation_PCR19](#awskeymanagementservice-kms_RecipientAttestation_PCR19)
[#awskeymanagementservice-kms_RecipientAttestation_PCR20](#awskeymanagementservice-kms_RecipientAttestation_PCR20)
[#awskeymanagementservice-kms_RecipientAttestation_PCR21](#awskeymanagementservice-kms_RecipientAttestation_PCR21)
[#awskeymanagementservice-kms_RecipientAttestation_PCR22](#awskeymanagementservice-kms_RecipientAttestation_PCR22)
[#awskeymanagementservice-kms_RecipientAttestation_PCR23](#awskeymanagementservice-kms_RecipientAttestation_PCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR24](#awskeymanagementservice-kms_RecipientAttestation_PCR24)
[#awskeymanagementservice-kms_RecipientAttestation_PCR25](#awskeymanagementservice-kms_RecipientAttestation_PCR25)
[#awskeymanagementservice-kms_RecipientAttestation_PCR26](#awskeymanagementservice-kms_RecipientAttestation_PCR26)
[#awskeymanagementservice-kms_RecipientAttestation_PCR27](#awskeymanagementservice-kms_RecipientAttestation_PCR27)
[#awskeymanagementservice-kms_RecipientAttestation_PCR28](#awskeymanagementservice-kms_RecipientAttestation_PCR28)
[#awskeymanagementservice-kms_RecipientAttestation_PCR29](#awskeymanagementservice-kms_RecipientAttestation_PCR29)
[#awskeymanagementservice-kms_RecipientAttestation_PCR30](#awskeymanagementservice-kms_RecipientAttestation_PCR30)
[#awskeymanagementservice-kms_RecipientAttestation_PCR31](#awskeymanagementservice-kms_RecipientAttestation_PCR31)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPair.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPair.html) **
- **描述:** 控制使用 AWS KMS 金鑰產生資料金鑰對的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_DataKeyPairSpec](#awskeymanagementservice-kms_DataKeyPairSpec)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_RecipientAttestation_ImageSha384](#awskeymanagementservice-kms_RecipientAttestation_ImageSha384)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR0](#awskeymanagementservice-kms_RecipientAttestation_PCR0)
[#awskeymanagementservice-kms_RecipientAttestation_PCR1](#awskeymanagementservice-kms_RecipientAttestation_PCR1)
[#awskeymanagementservice-kms_RecipientAttestation_PCR2](#awskeymanagementservice-kms_RecipientAttestation_PCR2)
[#awskeymanagementservice-kms_RecipientAttestation_PCR3](#awskeymanagementservice-kms_RecipientAttestation_PCR3)
[#awskeymanagementservice-kms_RecipientAttestation_PCR4](#awskeymanagementservice-kms_RecipientAttestation_PCR4)
[#awskeymanagementservice-kms_RecipientAttestation_PCR5](#awskeymanagementservice-kms_RecipientAttestation_PCR5)
[#awskeymanagementservice-kms_RecipientAttestation_PCR6](#awskeymanagementservice-kms_RecipientAttestation_PCR6)
[#awskeymanagementservice-kms_RecipientAttestation_PCR7](#awskeymanagementservice-kms_RecipientAttestation_PCR7)
[#awskeymanagementservice-kms_RecipientAttestation_PCR8](#awskeymanagementservice-kms_RecipientAttestation_PCR8)
[#awskeymanagementservice-kms_RecipientAttestation_PCR9](#awskeymanagementservice-kms_RecipientAttestation_PCR9)
[#awskeymanagementservice-kms_RecipientAttestation_PCR10](#awskeymanagementservice-kms_RecipientAttestation_PCR10)
[#awskeymanagementservice-kms_RecipientAttestation_PCR11](#awskeymanagementservice-kms_RecipientAttestation_PCR11)
[#awskeymanagementservice-kms_RecipientAttestation_PCR12](#awskeymanagementservice-kms_RecipientAttestation_PCR12)
[#awskeymanagementservice-kms_RecipientAttestation_PCR13](#awskeymanagementservice-kms_RecipientAttestation_PCR13)
[#awskeymanagementservice-kms_RecipientAttestation_PCR14](#awskeymanagementservice-kms_RecipientAttestation_PCR14)
[#awskeymanagementservice-kms_RecipientAttestation_PCR15](#awskeymanagementservice-kms_RecipientAttestation_PCR15)
[#awskeymanagementservice-kms_RecipientAttestation_PCR16](#awskeymanagementservice-kms_RecipientAttestation_PCR16)
[#awskeymanagementservice-kms_RecipientAttestation_PCR17](#awskeymanagementservice-kms_RecipientAttestation_PCR17)
[#awskeymanagementservice-kms_RecipientAttestation_PCR18](#awskeymanagementservice-kms_RecipientAttestation_PCR18)
[#awskeymanagementservice-kms_RecipientAttestation_PCR19](#awskeymanagementservice-kms_RecipientAttestation_PCR19)
[#awskeymanagementservice-kms_RecipientAttestation_PCR20](#awskeymanagementservice-kms_RecipientAttestation_PCR20)
[#awskeymanagementservice-kms_RecipientAttestation_PCR21](#awskeymanagementservice-kms_RecipientAttestation_PCR21)
[#awskeymanagementservice-kms_RecipientAttestation_PCR22](#awskeymanagementservice-kms_RecipientAttestation_PCR22)
[#awskeymanagementservice-kms_RecipientAttestation_PCR23](#awskeymanagementservice-kms_RecipientAttestation_PCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR24](#awskeymanagementservice-kms_RecipientAttestation_PCR24)
[#awskeymanagementservice-kms_RecipientAttestation_PCR25](#awskeymanagementservice-kms_RecipientAttestation_PCR25)
[#awskeymanagementservice-kms_RecipientAttestation_PCR26](#awskeymanagementservice-kms_RecipientAttestation_PCR26)
[#awskeymanagementservice-kms_RecipientAttestation_PCR27](#awskeymanagementservice-kms_RecipientAttestation_PCR27)
[#awskeymanagementservice-kms_RecipientAttestation_PCR28](#awskeymanagementservice-kms_RecipientAttestation_PCR28)
[#awskeymanagementservice-kms_RecipientAttestation_PCR29](#awskeymanagementservice-kms_RecipientAttestation_PCR29)
[#awskeymanagementservice-kms_RecipientAttestation_PCR30](#awskeymanagementservice-kms_RecipientAttestation_PCR30)
[#awskeymanagementservice-kms_RecipientAttestation_PCR31](#awskeymanagementservice-kms_RecipientAttestation_PCR31)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPairWithoutPlaintext.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyPairWithoutPlaintext.html) **
- **描述:** 控制使用 AWS KMS 金鑰產生資料金鑰對的許可。與 GenerateDataKeyPair 操作不同,此操作會傳回加密的私有金鑰,但不含純文字複本
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_DataKeyPairSpec](#awskeymanagementservice-kms_DataKeyPairSpec)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyWithoutPlaintext.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyWithoutPlaintext.html) **
- **描述:** 控制使用 AWS KMS 金鑰產生資料金鑰的許可。與 GenerateDataKey 操作不同,這個操作會傳回加密的資料金鑰,而沒有資料金鑰的純文字版本
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateMac.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateMac.html) **
- **描述:** 控制使用 AWS KMS 金鑰產生訊息驗證碼的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_MacAlgorithm](#awskeymanagementservice-kms_MacAlgorithm)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateRandom.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateRandom.html) **
- **描述:** 控制從 AWS KMS 取得密碼編譯安全隨機位元組字串的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-kms_RecipientAttestation_ImageSha384](#awskeymanagementservice-kms_RecipientAttestation_ImageSha384)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR0)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR1)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR2)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR3)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR4)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR5)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR6)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR7)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR8)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR9)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR10)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR11)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR12)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR13)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR14)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR15)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR16)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR17)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR18)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR19)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR20)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR21)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR22)
[#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23](#awskeymanagementservice-kms_RecipientAttestation_NitroTPMPCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR0](#awskeymanagementservice-kms_RecipientAttestation_PCR0)
[#awskeymanagementservice-kms_RecipientAttestation_PCR1](#awskeymanagementservice-kms_RecipientAttestation_PCR1)
[#awskeymanagementservice-kms_RecipientAttestation_PCR2](#awskeymanagementservice-kms_RecipientAttestation_PCR2)
[#awskeymanagementservice-kms_RecipientAttestation_PCR3](#awskeymanagementservice-kms_RecipientAttestation_PCR3)
[#awskeymanagementservice-kms_RecipientAttestation_PCR4](#awskeymanagementservice-kms_RecipientAttestation_PCR4)
[#awskeymanagementservice-kms_RecipientAttestation_PCR5](#awskeymanagementservice-kms_RecipientAttestation_PCR5)
[#awskeymanagementservice-kms_RecipientAttestation_PCR6](#awskeymanagementservice-kms_RecipientAttestation_PCR6)
[#awskeymanagementservice-kms_RecipientAttestation_PCR7](#awskeymanagementservice-kms_RecipientAttestation_PCR7)
[#awskeymanagementservice-kms_RecipientAttestation_PCR8](#awskeymanagementservice-kms_RecipientAttestation_PCR8)
[#awskeymanagementservice-kms_RecipientAttestation_PCR9](#awskeymanagementservice-kms_RecipientAttestation_PCR9)
[#awskeymanagementservice-kms_RecipientAttestation_PCR10](#awskeymanagementservice-kms_RecipientAttestation_PCR10)
[#awskeymanagementservice-kms_RecipientAttestation_PCR11](#awskeymanagementservice-kms_RecipientAttestation_PCR11)
[#awskeymanagementservice-kms_RecipientAttestation_PCR12](#awskeymanagementservice-kms_RecipientAttestation_PCR12)
[#awskeymanagementservice-kms_RecipientAttestation_PCR13](#awskeymanagementservice-kms_RecipientAttestation_PCR13)
[#awskeymanagementservice-kms_RecipientAttestation_PCR14](#awskeymanagementservice-kms_RecipientAttestation_PCR14)
[#awskeymanagementservice-kms_RecipientAttestation_PCR15](#awskeymanagementservice-kms_RecipientAttestation_PCR15)
[#awskeymanagementservice-kms_RecipientAttestation_PCR16](#awskeymanagementservice-kms_RecipientAttestation_PCR16)
[#awskeymanagementservice-kms_RecipientAttestation_PCR17](#awskeymanagementservice-kms_RecipientAttestation_PCR17)
[#awskeymanagementservice-kms_RecipientAttestation_PCR18](#awskeymanagementservice-kms_RecipientAttestation_PCR18)
[#awskeymanagementservice-kms_RecipientAttestation_PCR19](#awskeymanagementservice-kms_RecipientAttestation_PCR19)
[#awskeymanagementservice-kms_RecipientAttestation_PCR20](#awskeymanagementservice-kms_RecipientAttestation_PCR20)
[#awskeymanagementservice-kms_RecipientAttestation_PCR21](#awskeymanagementservice-kms_RecipientAttestation_PCR21)
[#awskeymanagementservice-kms_RecipientAttestation_PCR22](#awskeymanagementservice-kms_RecipientAttestation_PCR22)
[#awskeymanagementservice-kms_RecipientAttestation_PCR23](#awskeymanagementservice-kms_RecipientAttestation_PCR23)
[#awskeymanagementservice-kms_RecipientAttestation_PCR24](#awskeymanagementservice-kms_RecipientAttestation_PCR24)
[#awskeymanagementservice-kms_RecipientAttestation_PCR25](#awskeymanagementservice-kms_RecipientAttestation_PCR25)
[#awskeymanagementservice-kms_RecipientAttestation_PCR26](#awskeymanagementservice-kms_RecipientAttestation_PCR26)
[#awskeymanagementservice-kms_RecipientAttestation_PCR27](#awskeymanagementservice-kms_RecipientAttestation_PCR27)
[#awskeymanagementservice-kms_RecipientAttestation_PCR28](#awskeymanagementservice-kms_RecipientAttestation_PCR28)
[#awskeymanagementservice-kms_RecipientAttestation_PCR29](#awskeymanagementservice-kms_RecipientAttestation_PCR29)
[#awskeymanagementservice-kms_RecipientAttestation_PCR30](#awskeymanagementservice-kms_RecipientAttestation_PCR30)
[#awskeymanagementservice-kms_RecipientAttestation_PCR31](#awskeymanagementservice-kms_RecipientAttestation_PCR31)
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyLastUsage.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyLastUsage.html) **
- **描述:** 控制檢視 AWS KMS 金鑰上次使用情況的許可
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyPolicy.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyPolicy.html) **
- **描述:** 控制檢視指定 AWS KMS 金鑰之金鑰政策的許可
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyRotationStatus.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyRotationStatus.html) **
- **描述:** 控制檢視 AWS KMS 金鑰金鑰輪換狀態的許可
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GetParametersForImport.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetParametersForImport.html) **
- **描述:** 針對將密碼編譯資料匯入客戶受管金鑰,控制准許取得所需的資料,包括公有金鑰和匯入符記
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService)
[#awskeymanagementservice-kms_WrappingAlgorithm](#awskeymanagementservice-kms_WrappingAlgorithm)
[#awskeymanagementservice-kms_WrappingKeySpec](#awskeymanagementservice-kms_WrappingKeySpec) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html) **
- **描述:** 控制下載非對稱 AWS KMS 金鑰公有金鑰的許可
- **存取層級:** 讀取
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ImportKeyMaterial.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ImportKeyMaterial.html) **
- **描述:** 控制將密碼編譯資料匯入 AWS KMS 金鑰的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ExpirationModel](#awskeymanagementservice-kms_ExpirationModel)
[#awskeymanagementservice-kms_ValidTo](#awskeymanagementservice-kms_ValidTo)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ListAliases.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListAliases.html) **
- **描述:** 控制准許檢視帳戶中定義的別名。別名是您可以與 AWS KMS 金鑰建立關聯的選用易記名稱
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ListGrants.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListGrants.html) **
- **描述:** 控制檢視 AWS KMS 金鑰所有授予的許可
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_GrantIsForAWSResource](#awskeymanagementservice-kms_GrantIsForAWSResource)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeyPolicies.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeyPolicies.html) **
- **描述:** 控制檢視 AWS KMS 金鑰之金鑰政策名稱的許可
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeyRotations.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeyRotations.html) **
- **描述:** 控制檢視 AWS KMS 金鑰之金鑰材料清單的許可
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) **
- **描述:** 控制檢視帳戶中所有 AWS KMS 金鑰之金鑰 ID 和 Amazon Resource Name (ARN) 的許可
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ListResourceTags.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListResourceTags.html) **
- **描述:** 控制檢視連接到 AWS KMS 金鑰之所有標籤的許可
- **存取層級:** 清單
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ListRetirableGrants.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListRetirableGrants.html) **
- **描述:** 控制准許檢視以特定委託人為淘汰委託人的授與。其他委託人可能淘汰准許,而此委託人可能汰換其他准許
- **存取層級:** 清單
- **資源類型 (\*必填項目):**
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) **
- **描述:** 控制取代指定 AWS KMS 金鑰之金鑰政策的許可
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_BypassPolicyLockoutSafetyCheck](#awskeymanagementservice-kms_BypassPolicyLockoutSafetyCheck)
[#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html) **
- **描述:** 在解密和重新加密 AWS KMS 內資料的過程中,控制解密資料的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_ReEncryptOnSameKey](#awskeymanagementservice-kms_ReEncryptOnSameKey)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html) **
- **描述:** 在解密和重新加密 AWS KMS 內資料的程序中,控制加密資料的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionAlgorithm](#awskeymanagementservice-kms_EncryptionAlgorithm)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_ReEncryptOnSameKey](#awskeymanagementservice-kms_ReEncryptOnSameKey)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ReplicateKey.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ReplicateKey.html) **
- **描述:** 控制是否准許複製多區域主要金鑰
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:** iam:CreateServiceLinkedRole
kms:CreateKey
kms:PutKeyPolicy
kms:TagResource
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ReplicaRegion](#awskeymanagementservice-kms_ReplicaRegion)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) **
- **描述:** 控制准許淘汰授與。在准許使用者完成准許所允許執行的任務後,通常會呼叫 RetireGrant 操作
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_](#awskeymanagementservice-kms_EncryptionContext___EncryptionContextKey_)
[#awskeymanagementservice-kms_EncryptionContextKeys](#awskeymanagementservice-kms_EncryptionContextKeys)
[#awskeymanagementservice-kms_GrantConstraintType](#awskeymanagementservice-kms_GrantConstraintType)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_RevokeGrant.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_RevokeGrant.html) **
- **描述:** 控制准許撤銷准許,以拒絕所有取決於該准許的操作
- **存取層級:** 許可管理
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_GrantIsForAWSResource](#awskeymanagementservice-kms_GrantIsForAWSResource)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_RotateKeyOnDemand.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_RotateKeyOnDemand.html) **
- **描述:** 控制叫用 AWS KMS 金鑰中密碼編譯資料隨需輪換的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) **
- **描述:** 控制排程刪除 AWS KMS 金鑰的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ScheduleKeyDeletionPendingWindowInDays](#awskeymanagementservice-kms_ScheduleKeyDeletionPendingWindowInDays)
[#awskeymanagementservice-kms_TrailingDaysWithoutKeyUsage](#awskeymanagementservice-kms_TrailingDaysWithoutKeyUsage)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html) **
- **描述:** 控制准許產生訊息的數位簽章
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_MessageType](#awskeymanagementservice-kms_MessageType)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_SigningAlgorithm](#awskeymanagementservice-kms_SigningAlgorithm)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-auth.html#multi-region-auth-slr](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-auth.html#multi-region-auth-slr) [僅限許可]**
- **描述:** 控制同步處理多區域索引鍵的內部 API 之存取
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key)
- **條件索引鍵:**
- **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_TagResource.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_TagResource.html) **
- **描述:** 控制建立或更新連接到 AWS KMS 金鑰之標籤的許可
- **存取層級:** 標記
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-aws_RequestTag___TagKey_](#awskeymanagementservice-aws_RequestTag___TagKey_)
[#awskeymanagementservice-aws_TagKeys](#awskeymanagementservice-aws_TagKeys)
[#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_UntagResource.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_UntagResource.html) **
- **描述:** 控制刪除連接到 AWS KMS 金鑰之標籤的許可
- **存取層級:** 標記
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-aws_TagKeys](#awskeymanagementservice-aws_TagKeys)
[#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateAlias.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateAlias.html) **
- **描述:** 控制將別名與不同 AWS KMS 金鑰建立關聯的許可。別名是選用的易記名稱,可以與 KMS 金鑰建立關聯
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-alias](#awskeymanagementservice-alias) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateCustomKeyStore.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateCustomKeyStore.html) **
- **描述:** 控制准許變更自訂金鑰存放區的屬性
- **存取層級:** 寫入
- **資源類型 (\*必填項目):**
- **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
- **相依動作:** ec2:DescribeVpcEndpointServices
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateKeyDescription.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateKeyDescription.html) **
- **描述:** 控制刪除或變更 AWS KMS 金鑰描述的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdatePrimaryRegion.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_UpdatePrimaryRegion.html) **
- **描述:** 控制是否准許更新多區域主要金鑰的主要區域
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_PrimaryRegion](#awskeymanagementservice-kms_PrimaryRegion)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_Verify.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_Verify.html) **
- **描述:** 控制使用指定 AWS KMS 金鑰驗證數位簽章的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_MessageType](#awskeymanagementservice-kms_MessageType)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_SigningAlgorithm](#awskeymanagementservice-kms_SigningAlgorithm)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
- ** [https://docs.aws.amazon.com/kms/latest/APIReference/API_VerifyMac.html](https://docs.aws.amazon.com/kms/latest/APIReference/API_VerifyMac.html) **
- **描述:** 控制使用 AWS KMS 金鑰驗證訊息驗證碼的許可
- **存取層級:** 寫入
- **資源類型 (\*必填項目):** [#awskeymanagementservice-key](#awskeymanagementservice-key) / **條件索引鍵:** / **相依動作:**
- **資源類型 (\*必填項目):** / **條件索引鍵:** [#awskeymanagementservice-kms_CallerAccount](#awskeymanagementservice-kms_CallerAccount)
[#awskeymanagementservice-kms_MacAlgorithm](#awskeymanagementservice-kms_MacAlgorithm)
[#awskeymanagementservice-kms_RequestAlias](#awskeymanagementservice-kms_RequestAlias)
[#awskeymanagementservice-kms_ViaService](#awskeymanagementservice-kms_ViaService) / **相依動作:**
## AWS Key Management Service 定義的資源類型
此服務會定義下列資源類型,並可用在 IAM 許可政策陳述式的 `Resource` 元素中。[動作表格](#awskeymanagementservice-actions-as-permissions)中的每個動作都代表可使用該動作指定的資源類型。資源類型也能定義您可以在政策中包含哪些條件索引鍵。這些索引鍵都會顯示在「資源類型」資料表的最後一欄。如需下表各欄的詳細資訊,請參閱[資源類型資料表](reference_policies_actions-resources-contextkeys.html#resources_table)。
****
| 資源類型 | ARN | 條件索引鍵 |
| --- | --- | --- |
| [https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept) | arn:${Partition}:kms:${Region}:${Account}:alias/${Alias} | |
| [https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) | arn:${Partition}:kms:${Region}:${Account}:key/${KeyId} | [#awskeymanagementservice-aws_ResourceTag___TagKey_](#awskeymanagementservice-aws_ResourceTag___TagKey_)
[#awskeymanagementservice-kms_KeyOrigin](#awskeymanagementservice-kms_KeyOrigin)
[#awskeymanagementservice-kms_KeySpec](#awskeymanagementservice-kms_KeySpec)
[#awskeymanagementservice-kms_KeyUsage](#awskeymanagementservice-kms_KeyUsage)
[#awskeymanagementservice-kms_MultiRegion](#awskeymanagementservice-kms_MultiRegion)
[#awskeymanagementservice-kms_MultiRegionKeyType](#awskeymanagementservice-kms_MultiRegionKeyType)
[#awskeymanagementservice-kms_ResourceAliases](#awskeymanagementservice-kms_ResourceAliases) |
## AWS Key Management Service 的條件索引鍵
AWS Key Management Service 定義下列條件金鑰,可用於 IAM 政策的 `Condition`元素。您可以使用這些索引鍵來縮小套用政策陳述式的條件。如需下表各欄的詳細資訊,請參閱[條件索引鍵表](reference_policies_actions-resources-contextkeys.html#context_keys_table)。
若要檢視所有 服務可用的全域條件索引鍵,請參閱[AWS 全域條件內容索引鍵](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)。
****
| 條件索引鍵 | 描述 | Type |
| --- | --- | --- |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag) | 根據請求中標籤的索引鍵和值,篩選對指定 AWS KMS 操作的存取 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/tag-authorization.html](https://docs.aws.amazon.com/kms/latest/developerguide/tag-authorization.html) | 根據指派給 AWS KMS 金鑰的標籤,篩選對指定 AWS KMS 操作的存取權 | String |
| [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys) | 根據請求中的標籤索引鍵篩選對指定 AWS KMS 操作的存取 | ArrayOfString |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-bypass-policy-lockout-safety-check](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-bypass-policy-lockout-safety-check) | 根據請求中的 BypassPolicyLockoutSafetyCheck 參數值,篩選對 CreateKey 和 PutKeyPolicy 操作的存取權 | Bool |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-caller-account](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-caller-account) | 根據發起人的 AWS 帳戶 ID 篩選對指定 AWS KMS 操作的存取。您可以使用此條件金鑰,在單一政策陳述 AWS 帳戶 式中允許或拒絕存取 中的所有 IAM 使用者和角色 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-spec-replaced](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-spec-replaced) | kms:CustomerMasterKeySpec 條件索引鍵已被取代。相反地,請使用 kms:KeySpec 條件索引鍵 | 字串 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-usage-replaced](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-usage-replaced) | kms:CustomerMasterKeyUsage 條件索引鍵已被取代。相反地,請使用 kms:KeyUsage 條件索引鍵 | 字串 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-data-key-pair-spec](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-data-key-pair-spec) | 根據請求中的 KeyPairSpec 參數值,篩選對 GenerateDataKeyPair 和 GenerateDataKeyPairWithoutPlaintext 操作的存取權 | 字串 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-algorithm) | 根據請求中的加密演算法的值,篩選對加密操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-context](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-context) | 根據密碼編譯操作中的加密內容,篩選對對稱 AWS KMS 金鑰的存取。此條件評估每個鍵值加密內容對中的索引鍵和值。 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-context-keys](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-context-keys) | 根據密碼編譯操作中的加密內容,篩選對對稱 AWS KMS 金鑰的存取。此條件索引鍵僅評估每個鍵值加密內容對中的索引鍵。 | ArrayOfString |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-expiration-model](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-expiration-model) | 根據請求中的 ExpirationModel 參數值,篩選對 ImportKeyMaterial 操作的存取權 | 字串 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grant-constraint-type](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grant-constraint-type) | 根據請求中的准許限制,篩選對 CreateGrant 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grant-is-for-aws-resource](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grant-is-for-aws-resource) | 當請求來自指定的 AWS 服務時,篩選對 CreateGrant 操作的存取 | Bool |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grant-operations](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grant-operations) | 根據准許中的操作,篩選對 CreateGrant 操作的存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grantee-principal](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-grantee-principal) | 根據准許中的承授者委託人,篩選對 CreateGrant 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-agreement-algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-agreement-algorithm) | 根據請求中 KeyAgreementAlgorithm 參數的值,篩選對 DeriveSharedSecret 操作的存取 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-origin](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-origin) | 根據操作中建立或使用之 AWS KMS 金鑰的 Origin 屬性,篩選 API 操作的存取權。用來准予 CreateKey 操作,或針對 KMS 金鑰獲准執行的任何操作 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-spec](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-spec) | 根據 操作所建立或使用之 AWS KMS 金鑰的 KeySpec 屬性,篩選 API 操作的存取權。用來准予 CreateKey 操作,或針對 KMS 金鑰資源獲准執行的任何操作 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-usage](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-usage) | 根據操作中建立或使用之 AWS KMS 金鑰的 KeyUsage 屬性,篩選 API 操作的存取權。用來准予 CreateKey 操作,或針對 KMS 金鑰資源獲准執行的任何操作 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-mac-algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-mac-algorithm) | 根據請求中的 MacAlgorithm 參數,篩選 GenerateMac 和 VerifyMac 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-message-type](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-message-type) | 根據請求中的 MessageType 參數值,篩選對 Sign 和 Verify 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-multi-region](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-multi-region) | 根據操作所建立或使用之 AWS KMS 金鑰的 MultiRegion 屬性,篩選 API 操作的存取權。用來准予 CreateKey 操作,或針對 KMS 金鑰資源獲准執行的任何操作 | Bool |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-multi-region-key-type](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-multi-region-key-type) | 根據操作所建立或使用之 AWS KMS 金鑰的 MultiRegionKeyType 屬性,篩選 API 操作的存取權。用來准予 CreateKey 操作,或針對 KMS 金鑰資源獲准執行的任何操作 | 字串 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-primary-region](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-primary-region) | 根據請求中的 PrimaryRegion 參數值,篩選 UpdatePrimaryRegion 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-reencrypt-on-same-key](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-reencrypt-on-same-key) | 當 ReEncrypt 操作使用與 Encrypt 操作相同的 AWS KMS 金鑰時,篩選對 ReEncrypt 操作的存取 | Bool |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-image-sha](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-image-sha) | 根據請求中證明文件中的映像雜湊篩選 API 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 0 篩選存取權。PCR0 是核心系統韌體可執行程式碼的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 1 篩選存取權。PCR1 是核心系統韌體資料/主機平台組態的連續測量,通常包括序列和型號 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 10 篩選存取權。PCR10 是 IMA 測量日誌保護的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 11 篩選存取權。PCR11 是統一核心映像 (UKIs) 所有元件的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 12 篩選存取權。PCR12 是核心命令列、系統登入資料和系統組態映像的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 13 篩選存取權。PCR13 是 initrd 的所有系統延伸映像的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 14 篩選存取權。PCR14 是「MOK」憑證和雜湊的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 15 篩選存取權。PCR15 是根檔案系統磁碟區加密金鑰的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 16 篩選存取權。PCR16 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 17 篩選存取權。PCR17 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 18 篩選存取權。PCR18 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 19 篩選存取權。PCR19 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 2 篩選存取權。PCR2 是延伸或可插入可執行程式碼的連續度量,包括可插入硬體上的選項 ROMs | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 20 篩選存取權。PCR20 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 21 篩選存取權。PCR21 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 22 篩選存取權。PCR22 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 23 篩選存取權。PCR23 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 3 篩選存取權。PCR3 是延伸或可插入韌體資料的連續測量,包括可插入硬體的相關資訊 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 4 篩選存取權。PCR4 是開機載入器和其他驅動程式的連續測量,包括開機載入器載入的二進位檔和延伸 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 5 篩選存取權。PCR5 是 GPT/分割區資料表的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 6 篩選存取權。PCR6 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊 (PCR) 7 篩選存取權。PCR7 是 SecureBoot 狀態的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 8 篩選存取權。PCR8 是命令和核心命令列的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-tpm.html#conditions-kms-recipient-nitro-tpm-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 9 篩選存取權。PCR9 是所有檔案讀取的連續度量 (包括核心映像) | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 0 篩選存取權。PCR0 是 enclave 影像檔案內容的連續測量,不含區段資料 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 1 篩選存取權。PCR1 是 Linux 核心和引導資料的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 10 篩選存取權。PCR10 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 11 篩選存取權。PCR11 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 12 篩選存取權。PCR12 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 13 篩選存取權。PCR13 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 14 篩選存取權。PCR14 是使用者可以針對特定使用案例定義的自訂 PCR | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 15 篩選存取權。PCR15 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 16 篩選存取權。PCR16 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 17 篩選存取權。PCR17 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 18 篩選存取權。PCR18 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 19 篩選存取權。PCR19 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 2 篩選存取權。PCR2 是使用者應用程式的連續順序測量,不含開機 ramf | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 20 篩選存取權。PCR20 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 21 篩選存取權。PCR21 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 22 篩選存取權。PCR22 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 23 篩選存取權。PCR23 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 24 篩選存取權。PCR24 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 25 篩選存取權。PCR25 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 26 篩選存取權。PCR26 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 27 篩選存取權。PCR27 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 28 篩選存取權。PCR28 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 29 篩選存取權。PCR29 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 3 篩選存取權。PCR3 是指派給父執行個體之 IAM 角色的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 30 篩選存取權。PCR30 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 31 篩選存取權。PCR31 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 4 篩選存取權。PCR4 是父執行個體 ID 的連續測量 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 5 篩選存取權。PCR5 是由使用者針對特定使用案例定義的自訂 PCR | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 6 篩選存取權。PCR6 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊 (PCR) 7 篩選存取權。PCR7 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件的平台組態註冊表 (PCR) 8 篩選存取權。PCR8 是針對 enclave 映像檔案指定的簽署憑證的指標 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-nitro-enclaves.html#conditions-kms-recipient-pcrs) | 依請求中證明文件中的平台組態註冊表 (PCR) 9 篩選存取權。PCR9 是一種自訂 PCR,可由使用者針對特定使用案例定義 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-replica-region](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-replica-region) | 根據請求中的 ReplicaRegion 參數值,篩選 ReplicateKey 操作的存取權 | 字串 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-request-alias](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-request-alias) | 根據請求中的別名,篩選對加密編譯操作、DescribeKey 和 GetPublicKey 的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-resource-aliases](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-resource-aliases) | 根據與 AWS KMS 金鑰相關聯的別名,篩選對指定 AWS KMS 操作的存取權 | ArrayOfString |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-retiring-principal](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-retiring-principal) | 根據准許中的淘汰委託人,篩選對 CreateGrant 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days) | 根據請求中的 RotationPeriodInDays 參數值,篩選對 EnableKeyRotation 操作的存取 | 數值 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-schedule-key-deletion-pending-window-in-days](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-schedule-key-deletion-pending-window-in-days) | 根據請求中 PendingWindowInDays 參數的值,篩選對 ScheduleKeyDeletion 操作的存取權 | 數值 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-signing-algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-signing-algorithm) | 根據請求中的簽署演算法,篩選對 Sign 和 Verify 操作的存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-trailing-days-without-key-usage](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-trailing-days-without-key-usage) | 根據上次使用 AWS KMS 金鑰的天數,篩選對 ScheduleKeyDeletion 和 DisableKey 操作的存取權 | 數值 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-valid-to](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-valid-to) | 根據請求中的 ValidTo 參數值,篩選對 ImportKeyMaterial 操作的存取權。您可以使用此條件索引鍵,表示只有當金鑰資料在指定的日期之前過期時,才允許使用者匯入金鑰資料 | Date |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-via-service](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-via-service) | 當代表委託人提出的請求來自指定的 AWS 服務時,篩選存取權 | String |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-wrapping-algorithm](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-wrapping-algorithm) | 根據請求中的 WrappingAlgorithm 參數值,篩選對 GetParametersForImport 操作的存取權 | 字串 |
| [https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-wrapping-key-spec](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-wrapping-key-spec) | 根據請求中的 WrappingKeySpec 參數值,篩選對 GetParametersForImport 操作的存取權 | 字串 |