[Solved] Error: updating RDS Cluster KMSKeyNotAccessibleFault: The specified KMS key [null] either doesn't exist, isn't enabled, or isn't accessible by the current user. Either specify a different key or access the key with a different user.

 Issue:-

While restoring RDS Cluster from the snapshot i recently came across a issue with the IAM permission because i was not using the Admin permission rather want to stick with the least permission required to get the work done. Thats where i encountered this error

Error: updating RDS Cluster KMSKeyNotAccessibleFault: The specified KMS key [null] either doesn't exist, isn't enabled, or isn't accessible by the current user. Either specify a different key or access the key with a different user.

Cause/Solution:-

The issue is caused because of the missing IAM permission for the KMS Key. For solution to this problem checkout the Cloudtrail for the Event DescribeKey. You should find a event failing for this event to an unknown key. When you will checkout further you will find the key is for the aws/secretsmanager.

if you select the option ManageMasterUserPassword: true then you not only need to add IAM permissions for secretsmanager:CreateSecret but you also need to add KMS permissions for kms:DescribeKey on the aws/secretsmanager KMS key ID arn.

Copy the Arn of the key which is referenced in the Cloudtrail and make an entry in the IAM role you using that should solve your issue.

In my case AWS Support was not able to figure this out. And they instead point me in wrong direction saying somehow the key was not being passed and its taking value null which is not the case here.