IAM Role: AWS/KMS/Metadata
| Permission | Grant |
|---|---|
| kms:DescribeCustomKeyStores | Metadata |
| kms:DescribeKey | Metadata |
| kms:GetKeyPolicy | Metadata |
| kms:GetKeyRotationStatus | Metadata |
| kms:GetParametersForImport | Metadata |
| kms:GetPublicKey | Metadata |
| kms:ListAliases | Metadata |
| kms:ListGrants | Metadata |
| kms:ListKeyPolicies | Metadata |
| kms:ListKeys | Metadata |
| kms:ListResourceTags | Metadata |
| kms:ListRetirableGrants | Metadata |