Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
2 votes, 1 answer

AWS CDK `Bucket.encryptionKey?.arn` doesn't return a value despite having an encryption key associated with it

I have a bucket that is defined/managed in a different stack. The bucket is encrypted by a key managed in KMS. In my own stack, I am trying to create a role and grant read and decrypt permissions for that role on the bucket and the key…
Keshav Potluri
2 votes, 1 answer

Which is an appropriate way to encrypt a message of size greater than 4 KB?

I have been working to encrypt messages of size greater than 4 KB using AWS KMS. As I went through the AWS KMS documentation, the maximum size of a message that can be encrypted using AWS KMS is only 4 KB. I tried using both symmetric and asymmetric…
2 votes, 2 answers

How to POST an object using a presigned POST with KMS (customer managed key)

When I use a presigned POST to generate the URL and other attributes, and then try to upload my image with server-side encryption using customer managed keys (these keys were created by me). In my case, I can upload with {"x-amz-server-side-encryption":…
2 votes, 1 answer

AWS: Cannot download a file from an SSE-KMS encrypted bucket using a stream

I have a bucket with encryption enabled and configured as: encryption key type AWS Key Management Service key (SSE-KMS), using the AWS managed key (aws/s3). Bucket encryption config: I have a Node.js project using streams to upload/download files on S3…
Crowley
2 votes, 1 answer

How to get a key for encryption in AWS KMS

I decided to manage my key using AWS KMS. I made a key under "Customer managed keys" and imported my key (a symmetric key). I tried to use the key that I imported into KMS in my Python application using boto3, but there was no way to get my key back unencoded. What…
2 votes, 2 answers

Sign a PdfDocument using the digital signature returned by AWS KMS

I'm trying to use the signature obtained by signing the SHA256 digest of my PdfDocument using AWS KMS to apply a signature on the PDF itself. I'm not even sure if I'm going in the correct direction. Everything runs correctly, but the produced…
2 votes, 0 answers

AWS KMS (Key Management Service)

My team is working on a customer-facing piece of hardware which will store various physical items. To gain access to this hardware, the customer will enter a PIN, the PIN that was created by a manager from an internal Amazon dashboard. We are…
2 votes, 1 answer

CloudFormation - Not able to create a KMS key

I am trying to create a KMS key using CloudFormation, but unfortunately I am not able to create it. In the console I am getting the following error: null (Service: Kms, Status Code: 400, Request ID: 156b452d-8ffb-5517-9jbc-a6yh6e3a79, Extended Request…
2 votes, 1 answer

MinIO + KMS: x509: certificate signed by unknown authority

I am trying to use MinIO as a local S3 server. I am following this article. I downloaded the key and cert files. I added the env parameters: set MINIO_KMS_KES_ENDPOINT=https://play.min.io:7373 set MINIO_KMS_KES_KEY_FILE=D:\KMS\root.key set…
Pavel Petrashov
2 votes, 1 answer

Describe RDS Snapshots across AWS Regions

I am trying to get snapshots and describe the snapshots from db_instances in the dict of regions: regions = {'us-east-1':'us-east-2', 'us-west-1':'us-west-2'} DB instances in region: us-east-1 = testeast1 us-west-1 = testwest1 DB instances are…
2 votes, 1 answer

Is it possible to provide asymmetric keys as your own keys (BYOK) to a cloud KMS (key management service) for any cloud providers?

I want to encrypt storage/volumes using customer supplied keys. I have seen examples where symmetric customer keys can be imported and used to encrypt volumes for example in case of EBS volumes in AWS. But no examples where customers can supply…
2 votes, 1 answer

How to encrypt actual storage/volume used by containers in Kubernetes environment?

In case of cloud managed kubernetes, whether AWS EKS, Azure AKS or Google GKE, the option to use customer managed key always comes at the cost of storing the customer master key in the cloud provider's own vault/KMS (e.g. aws kms or azure vault). In…
2 votes, 1 answer

AWS CMK vs Data Key clarification question

I am new to AWS, and I was hoping someone can clarify something for me regarding encryption. I was reading the AWS document on Amazon EBS encryption, and in the document, under the section "How EBS encryption works" I noticed one of the steps is…
TheProf
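The three questions above about the 4 KB limit of KMS Encrypt, about getting an imported key back out of KMS, and about the CMK versus data key distinction all come down to the same pattern, envelope encryption: KMS never returns the key material of a KMS key, so the application asks GenerateDataKey for a fresh data key, which comes back both in plaintext and wrapped under the KMS key; the bulk data is encrypted locally with the plaintext key, the wrapped copy is stored beside the ciphertext, and Decrypt on that wrapped copy recovers the data key later. The following is an added Go example, not code from any of the posts. The KMS calls are represented by the DataKeyProvider interface (assumed mapping: GenerateDataKey to kms:GenerateDataKey, UnwrapDataKey to kms:Decrypt; no AWS SDK code is shown), and localProvider, which wraps data keys under an in-memory master key, is a stand-in so the example runs offline. The aad argument plays the role of the KMS encryption context and must be presented again on decrypt. The names Envelope, localProvider, randomBytes and newGCM are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// DataKeyProvider is the only point where the key-management service is involved.
// Assumed KMS mapping: GenerateDataKey = kms:GenerateDataKey, UnwrapDataKey = kms:Decrypt.
type DataKeyProvider interface {
	GenerateDataKey() (plaintext, wrapped []byte, err error)
	UnwrapDataKey(wrapped []byte) ([]byte, error)
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// newGCM builds AES-256-GCM from a 32-byte key and zeroes the caller's copy.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // keeps its own expanded key schedule
	for i := range key {
		key[i] = 0
	}
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// localProvider stands in for KMS so the example runs offline: it wraps data keys
// under an in-memory master key with AES-GCM. It is not a substitute for KMS.
type localProvider struct{ master cipher.AEAD }

func newLocalProvider() (*localProvider, error) {
	masterKey, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	master, err := newGCM(masterKey)
	return &localProvider{master: master}, err
}

func (p *localProvider) GenerateDataKey() ([]byte, []byte, error) {
	dataKey, err := randomBytes(32)
	if err != nil {
		return nil, nil, err
	}
	nonce, err := randomBytes(p.master.NonceSize())
	if err != nil {
		return nil, nil, err
	}
	return dataKey, p.master.Seal(nonce, nonce, dataKey, nil), nil // nonce || ciphertext
}

func (p *localProvider) UnwrapDataKey(wrapped []byte) ([]byte, error) {
	ns := p.master.NonceSize()
	if len(wrapped) < ns {
		return nil, errors.New("wrapped data key too short")
	}
	return p.master.Open(nil, wrapped[:ns], wrapped[ns:], nil)
}

// Envelope is what gets stored: the wrapped data key travels with the ciphertext.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// Encrypt protects a payload of any size under a fresh data key. aad plays the role
// of the KMS encryption context: authenticated, not encrypted, required again to decrypt.
func Encrypt(p DataKeyProvider, plaintext, aad []byte) (*Envelope, error) {
	dataKey, wrapped, err := p.GenerateDataKey()
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(aead.NonceSize())
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, aead.Seal(nil, nonce, plaintext, aad)}, nil
}

// Decrypt unwraps the data key through the provider and opens the ciphertext;
// a wrong aad or any modified byte fails GCM authentication.
func Decrypt(p DataKeyProvider, env *Envelope, aad []byte) ([]byte, error) {
	dataKey, err := p.UnwrapDataKey(env.WrappedKey)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, aad)
}
```

With a real KMS-backed provider the wrapped key is the CiphertextBlob from GenerateDataKey, and the encryption context should be passed to both GenerateDataKey and Decrypt in addition to being used as the AAD here, so that KMS key policies and CloudTrail see it as well. Each object gets its own data key, which is why the 4 KB Encrypt limit never applies to the payload, only to the data key that KMS itself wraps.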
2 votes, 2 answers

Is there a way to create a launch configuration using an encrypted AMI?

I am creating an autoscaling group, but the launch configuration keeps on failing because I am using an encrypted AMI (I have to, for security), and it crashes after the timer and gives this error: Error: "autoscaling group": Waiting up to 5m0s: Need at…
2 votes, 0 answers

S3 to store only objects encrypted by one default KMS key and restrict all others

I am trying to upload an object to an S3 bucket, encrypted with ONLY a specific KMS key. I have created a policy with separate deny conditions, but it does not seem to work. Can somebody suggest where I could be going wrong? I tested this policy with AWS…