Cross-account key access

Setting up cross-account KMS access feels tricky sometimes. However, AWS have documentation page describing the process and minimal set of IAM actions needed.

https://docs.amazonaws.cn/en_us/kms/latest/developerguide/key-policy-modifying-external-accounts.html