Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
2 votes, 0 answers

How to assign cognito IAM Role the permissions to perform ListKeys operation for AWS KMS service?

I am using Cognito to get the temporary credentials for authorizing encrypt() operation of the AWS KMS service. In my IAM role policy, I have specified the authorization to encrypt operation on a specific KeyID and ListKeys operation on all…
2 votes, 1 answer

Can't use AWS IAM Roles with KMS Providers for MongoDB Client Side Field Level Encryption?

I am using EC2 Instance profile credentials for allowing the AWS EC2 instance to access other AWS services. Recently, I implemented MongoDB Client-Side Field-Level Encryption for which the AWS KMS has been used as KMS Providers. The MongoDB…
2 votes, 2 answers

Cannot assign KMS grant to role in AWS

I have an encryption key in KMS and two roles: One KeyAdmin role which should be allowed to create a grant to the KeyUser role which should then be able to encrypt/decrypt with the key. Here is what I am doing: $ aws kms create-key { …
2 votes, 1 answer

Why is aws charging for kms when calling lambda?

With each Lambda invoke, either via the AWS API or API Gateway HTTP, KMS usage is increasing, while I haven't added any key management with KMS. Is this an indirect cost by AWS on Lambda usage, or is there an option to disable KMS on Lambda invoke?
Vishvendra Singh
2 votes, 3 answers

Deterministic encryption using AWS KMS

I need to build an identity service that uses a customer supplied key to encrypt sensitive ID values for storage in RDS but also has to allow us to look up a record later using the plaintext ID. We'd like to use a simple deterministic encryption…
Mike B
2 votes, 1 answer

How to verify the Secrets Manager credential rotation is successful

I enabled the rotation and checked the Lambda function logs; there is no error, everything looks fine. But when I retrieved the secret in the Secrets Manager console, it's still the old password. I don't know what's going on. In AWS CLI: aws secretsmanager…
2 votes, 0 answers

MinIO integration with KMS using Java SDKs

I am new to MinIO and trying to use Java based SDKs (MinIO and/or Amazon SDK). For normal files it is working fine, but when I try uploading a file with SSE-C (i.e. with KMS client provided key id), I am getting this error (in case of Amazon…
Jawwad
2 votes, 2 answers

Why doesn't AWS KMS encrypt/decrypt need data key?

I am reading AWS encrypt cli document from https://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html and https://docs.aws.amazon.com/cli/latest/reference/kms/decrypt.html. I found that I am able to encrypt/decrypt without creating a data…
Joey Yi Zhao
2 votes, 1 answer

How to create KMS asymmetric signing key resource with Cloudformation?

I've tried the following resource in my template: SigningKey: Type: AWS::KMS::Key Properties: Description: "Auth API signing key" Enabled: true # Grant all permissions for root account KeyPolicy: Version:…
Agost Biro
2 votes, 1 answer

How to authorize Lambda function to post to BigQuery?

I have been stuck on this problem for the past two days. I am wanting to use Lambda as Cron operation to get data from my database and post it to BigQuery. I would like to know how to authorize access to BigQuery using a services account file from…
tintinthong
2 votes, 0 answers

TypeError: argument should be a bytes-like object or ASCII string, not 'Binary'

I'm trying to validate user with username and saved encrypted password, the first lambda function gives an error as the type should not be binary, however in the second lambda function, which I used to save the username and password details, if I…
Chandan
2 votes, 5 answers

Policy contains a statement with one or more invalid principals - AWS Cloudformation error

I have a CF template as shown below AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: gtm platform Lampda application deployment for ELasticCloud Parameters: SystemUserAccount: Description: The syatem…
fledgling
2 votes, 1 answer

Getting 'The policy failed legacy parsing' when creating an AWS/IAM policy

I'm trying to create a policy, whose JSON is: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "iam:ListPolicies", …
boardrider
2 votes, 1 answer

Field level encryption using AWS KMS and AWS CloudHSM

There is a requirement to implement an additional level of security for an application. Let's say there is a table with 10'000'000 users. The sensitive fields are user.first_name and user.last_name. We need to encrypt that data before storing it into…
yurko
2 votes, 1 answer

Why does this AWS CloudFormation script throw "Policy contains a statement with one or more invalid principals" error?

I am trying to: Create a CMK Create a new bucket that requires/enforces use of that CMK Code is from here AWSTemplateFormatVersion: 2010-09-09 Description: Example template with Customer Master Key and S3 bucket Resources: Bucket: Type:…
MattG