This screenshot is from the AWS KMS Create key wizard at Step 4 (optional): Define key usage permissions. It shows the Key users section where the IAM role OracleDBKMS_vmc_esr4tv5j5o is selected, meaning this role is allowed to use the key for cryptographic operations (such as encrypt/decrypt). There’s also an Other AWS accounts section to optionally grant key usage to additional accounts. The Next button proceeds to editing the key policy and final review.

Copyright © Oracle and/or its affiliates.