Blenra
Optimized for: Gemini / ChatGPT / Claude

Advanced AI Prompt for Scoped AWS KMS Key Policy for Multi-Account Access

Use this engineered prompt to drastically optimize your workflow and output.

Required Variables

  • [KEY_ADMIN_ARN]
  • [EXTERNAL_ACCOUNT_ID]
  • [ENCRYPTION_CONTEXT_KEY]
  • [VALUE]
advanced-ai-prompt-kms-key-policy-multi-account.txt
Draft a KMS Key Policy that separates administration and usage. Grant [KEY_ADMIN_ARN] full administrative rights. Allow an external account [EXTERNAL_ACCOUNT_ID] to use the key for 'Encrypt' and 'Decrypt' operations, but only if the request includes a specific 'kms:EncryptionContext:[ENCRYPTION_CONTEXT_KEY]' matching '[VALUE]'. This ensures that even if the external account is compromised, the key cannot be used without the correct context.

Example Output

"The AI generates a KMS policy JSON that uses 'kms:EncryptionContext' as a mandatory cryptographic guardrail."