pre用ページ

{
 "Version": "2012-10-17",
 "Id": "key-policy-ebs",
 "Statement": [
  { 
  "Sid": "Enable IAM User Permissions",
  "Effect": "Allow",
  "Principal": {
   "AWS": "arn:aws:iam::123456789012:root"
  },
  "Action": "kms:*",
   "Resource": "*"
 },
 {
 "Sid": "Allow use of the key",
 "Effect": "Allow",
 "Principal": {
  "AWS": "arn:aws:iam::123456789012:role/aws-reserved/sso.amazonaws.com/InfrastructureDeployment"
 },
 "Action": [
   "kms:Encrypt",
   "kms:Decrypt",
   "kms:ReEncrypt*",
   "kms:GenerateDataKey*",
   "kms:DescribeKey",
   "kms:CreateGrant",
   "kms:ListGrants",
   "kms:RevokeGrant"
  ],
 "Resource": "*",
  "Condition": {
   "StringEquals": {
    "kms:ViaService": "ec2.us-west-2.amazonaws.com"
     }
    }
  }
 ]
}