Setting up cross-account KMS access feels tricky sometimes. However, AWS have documentation page describing the process and minimal set of IAM actions needed.
https://docs.amazonaws.cn/en_us/kms/latest/developerguide/key-policy-modifying-external-accounts.htmlarrow-up-right
Last updated 5 years ago