Permissions Required for Cryptographic Operations
This is the set of permissions that should be given to an IAM Role via a Key Policy to perform cryptographic operations.
It’s the set that AWS gives the user of the Key by default. This means that if you add an IAM Role to the Key Policy using Default View, the awarded permissions will be enough.
But if you want to add an IAM Role using Policy View (to add an IAM Role from another account, in any case you need to use Policy View), then you will need to add them manually.
Here is the policy view example: