{"id":"fis-ec2-kms-creategrant-for-encrypted-ebs","text":"The FIS EC2 access policy includes `kms:CreateGrant` conditioned on `kms:ViaService` and `kms:GrantIsForAWSResource` to handle stop/start of instances with encrypted EBS volumes.","truth_value":"IN","source":"entries/2026/03/12/aws-managed-policy-latest-reference-AWSFaultInjectionSimulatorEC2Accesshtml.md","source_url":"","source_hash":"0a4d10b14b32c922","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"fis-ec2-kms-creategrant-for-encrypted-ebs","truth_value":"IN","reason":"premise"}]}}