You can add or modify an AWS Key Management Service (KMS) Server from the CommCell Console.
If the user account does not have the kms:Decrypt permission, then you can perform only backup operations, and you cannot perform auxiliary copy or restore operations.
For guidelines about key rotation, see Key Rotation Guidelines for AWS Key Management Service Server.
Note
The Commvault user should have Edit Storage Policy \ Copy permissions to a storage policy copy to assign the AWS KMS Server to the copy. For more information, see Storage Policy Management Permissions.