Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
2 votes, 2 answers

Why does CodePipeline require the KMS key?

I made a CodePipeline to build the source code from CodeCommit to ECR with CDK. When deploying this CDK code, somehow a key named like this, codepipeline-cdkmynavirepomynavipipelinefe7f8d68, is created as a KMS customer managed key. I am not sure why this…
whitebear
2 votes, 1 answer

Invalid token when using CloudFront with OAI to access KMS encrypted file

I have a bucket that I am using to serve content via CloudFront Distribution. Currently OAI is utilised to authenticate requests to the bucket, but as an extra layer of security I am looking to add KMS encryption for the files in the bucket. I have…
2 votes, 0 answers

How to restrict kms:TagResource in an AWS policy only to the creation of a new key, preventing tagging of existing keys?

When you create an AWS KMS key you can provide tags for it. Creation alone needs the kms:CreateKey permission; for providing the tags during creation you additionally need the kms:TagResource permission. I want to write a policy which only allows…
sleepomeno
2 votes, 1 answer

ValueError: the bucket does not exist, or is forbidden for access 'An error occurred (AccessDenied) when calling the CreateMultipartUpload

I am using the Python library smart_open to upload files (they would be big files) from a Python script to an S3 bucket. The bucket has a policy enforcing SSE with KMS: { "Version": "2012-10-17", "Id": "PutObjPolicy", "Statement": [ { …
bensiu
2 votes, 0 answers

How to get a list of all the resources linked with an AWS KMS key

I'd want to identify who is using a specified AWS KMS key. In other words, given an AWS KMS key, which AWS resource is it being used on?
2 votes, 2 answers

Can I decrypt a KMS key from a different account, from a different aws region?

Here's my scenario: there are two AWS accounts, A and B. I have a KMS key K protecting an SQS queue in account A and region us-east-1. I have an SNS topic in account B and region us-west-2. My SQS queue from account A is subscribed to the topic…
bappak
2 votes, 1 answer

Is it possible to use AWS KMS for key management but keep the keys in memory to encrypt / decrypt locally (without further api calls)?

I am expecting very high traffic on one of my services, and I would like to add encryption for a new feature. I know KMS makes an API call each encrypt/decrypt call, but is it possible to use KMS for key management and cache the keys in memory to…
irregular
2 votes, 1 answer

AWS SAM: How to create an S3 bucket with an already existing encryption key using SAM

I am a newbie to SAM (and CloudFormation) and I learned today that you can create a new bucket by adding something like this to the SAM YAML template: Resources: my-great-new-bucket: Type: AWS::S3::Bucket. Does SAM offer a way to also add…
2 votes, 0 answers

Python: boto3 decrypt

I'm trying to decrypt, via boto3, a value encrypted with KMS. The value is encrypted via the AWS CLI and then stored: aws kms encrypt --key-id xxx --plaintext "test". The code that I'm trying to use to decrypt is the following: kms_response =…
2 votes, 1 answer

Terraform and KMS key aliases

I am using the AWS provider and trying to create an aws_workspaces_workspace with encrypted volumes. I created an aws_kms_key with an associated alias (aws_kms_alias). I specified the key alias (as a string) for volume_encryption_key. The resource…
mlr11
2 votes, 0 answers

Set up an encryption key in a Neptune Notebook

I am trying to bulk load RDF data into a Neptune database and visualize the graph using a Notebook. For this, I have created a Neptune database with an encryption key (KMS customer managed key) added to it. I have also created a Neptune Notebook (from AWS…
2 votes, 0 answers

Aggregation of KMS encrypted logs from different regions in a single S3 bucket

I have a Lambda@Edge function and a centralized S3 logging bucket deployed in the us-east-1 region. By AWS design, Lambda@Edge writes logs to the region where its replica is invoked, which is about 13 AWS Regions where the CloudFront edge caches are located. I need to…
2 votes, 2 answers

Best practice for granting AWS RDS access to KMS CMK

I am using an AWS RDS database cluster encrypted with a KMS CMK that resides in the same AWS account. My DB cluster seems to be working fine with the default KMS policy, but I am not sure how RDS has access to the key if I did not specifically grant…
SoftwareFactor
2 votes, 0 answers

Searching by encrypted column in DynamoDB

I have a DynamoDB table which, as per the requirement, should have only serialNumber and created by. serialNumber should be encrypted. How can I search based on this column, since the user would pass the actual serialNumber and I have to validate it…
divyanayan awasthi
2 votes, 1 answer

Pyspark dataframe read from one bucket and write to another bucket with different KMS keys in same job

I need a little help to find a better solution for my use case below. I have an S3 bucket which contains input data and is encrypted with KMS KEY 1, so I am able to set KMS KEY 1 in my Spark session using…
Suresh