Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
3
votes
1 answer

AWS private subnet security group egress whitelist for AWS services?

I have some EC2 instances in a private subnet that need to access DynamoDB and KMS. Since VPC endpoints do not support either of these at this time, I will need to grant internet access via a NAT gateway. I want to restrict the security group…
pmcgrath
  • 823
  • 2
  • 9
  • 21
3
votes
3 answers

Sharing SSH Keys across multiple hosts

I am building a service that is distributed across multiple machines that logs into other target machines and does an action (write to a file, run a shell script, etc.). Currently, I have this service configured to use username and password as a…
3
votes
0 answers

Cross region copy of Encrypted data in AWS

If I have to copy encrypted data in my RDS database from one region to another in AWS, what all options do I have based on the following design points: 1) My keys will be particular to a region in case I use services like CloudHSM or KMS 2) I do not…
SSN
  • 31
  • 1
3
votes
1 answer

Generating a pre-signed URL for S3 object with KMS encryption - what am I doing wrong?

I'm using the AWS SDK v2.3.44.0 for .NET 4.0 and am trying to generate a pre-signed URL for clients to download objects. All of the objects are stored in an S3 bucket and encrypted using the aws:kms server side encryption method. I'm using the…
derekmckinnon
  • 524
  • 1
  • 5
  • 15
2
votes
2 answers

AWS ASG Error: Client.InternalError: Client error on launch

I created a new ASG that creates instances using an AMI that has been created and encrypted in another account (account id: 111). Any instance that creates in the ASG crashes right away with an error of Client.InternalError: Client error on launch.…
Supertwister
  • 105
  • 1
  • 1
  • 8
2
votes
2 answers

Decrypting cognito codes with KMS client from aws-sdk-v3

I am following this instruction to implement custom message sender in Cognito https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html All works well with similar code (I use Typescript on AWS Lambda): import…
pkozlov
  • 746
  • 5
  • 17
2
votes
1 answer

How can I assign a KMS key to a docker container

I want to use server side encryption using KMS on my S3 bucket. But instead of using a single KMS key, I want a KMS key for individual docker containers. Not really sure what to try.
CC28
  • 23
  • 3
2
votes
1 answer

AWS global configuration update conflict

The problem is when I feed Dynamodb config endpoint some value the AWS Key Management Service stops working altogether. 1. DynamoDB const awsConfig = { region: process.env.REGION, endpoint: process.env.ENDPOINT, //this stops AWS…
2
votes
1 answer

How to add the "kms:CallerAccount" condition to a KMS key used for encrypting CloudWatch logs?

I can't seem to use the "kms:CallerAccount" condition in a KMS customer managed key used for encrypting existing CloudWatch log groups. I followed the official docs and created a symmetric KMS key with the following policy which allows the key to be…
edo
  • 1,712
  • 1
  • 18
  • 19
2
votes
1 answer

Create KMS key policy in Go

I'm trying to create a KMS key using the AWS SDK v2 function call: conn := kms.NewFromConfig(cfg) input := kms.CreateKeyInput{ KeySpec: types.KeySpecEccNistP521, KeyUsage: types.KeyUsageTypeSignVerify, MultiRegion:…
Woody1193
  • 7,252
  • 5
  • 40
  • 90
2
votes
0 answers

Has anyone undergone certification of PCI-DSS using a general purpose HSM (and not payshield)?

Can we utilise a general purpose HSM for EMV related work? Like ARQC/ARPC? PCI guidelines do not specifically prohibit general purpose HSMs from being used. There are certain constraints (e.g. disallowing translation of ISO Type 0 to Type 1), etc. But…
Sandeep
  • 1,745
  • 3
  • 20
  • 30
2
votes
1 answer

Pass Ansible variables into custom Ansible module

I have a custom module that resides in the library/ directory of my Ansible role. I can call the module from within my playbook, and the code executes correctly, but only if the values it expects are hardcoded in the module code itself. How can I…
2
votes
4 answers

Unable to delete KMS key

When I open the customer managed keys in region eu-central-1, I can see one key, but I get the following error message: DescribeKey request failed AccessDeniedException - User: arn:aws:iam:::user/admin is not authorized to…
Thomas
  • 37
  • 1
  • 3
2
votes
1 answer

How to present AWS KMS public keys in JWKs format

After creating a key pair in AWS KMS service I can see the public key looks something like: -----BEGIN PUBLIC KEY----- J1UJQVArKIBiUNUgvkEamuz4treK5qSCJeUD+TcN9lPEQTXrApYV+CcXnuQJql472gPGtTNbyE -----END PUBLIC KEY----- But when clients invoke the…
Mercury
  • 7,430
  • 3
  • 42
  • 54
2
votes
1 answer

Access Denied when performing S3 Multipart Upload operation into SSE-KMS encrypted bucket

I'm facing Access Denied for Multipart Upload into an SSE-KMS encrypted bucket. Code is running in Glue (might be from other services, have no ability to verify). I've tried a set of different permissions, even full access, with no effect. Access for KMS is…