In this recipe, we defined an alias and description for our key. On the next screen, we can add tags to our recipes. We skipped this step. Furthermore, we can add IAM users or roles as key administrators. While key administrators can manage keys, they do not have permission to encrypt or decrypt data using those keys by default. 

After that, we added users who can use these keys. Unless added to this list, even a key administrator won't be able to use this key. Key administrators, however, can add themselves as key users. We can also allow other AWS accounts to use these keys. Doing so will allow the administrators of those accounts to delegate permissions to the users or roles within that account.  

Next, we reviewed our key policy settings and clicked on Finish. We can edit these settings if we need to from this screen. Now, we should see our key listed under CMK.