Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
2 votes, 1 answer

Why doesn't AWS Lambda automatically decrypt encrypted environment variables?

As far as I see on the net, I have to include a piece of code snippet to decrypt the environment variables encrypted with KMS keys but does anyone know the rationale for why this step has to be taken while the lambda function already has access to…
Rez.Net
2 votes, 3 answers

AWS KMS Decrypt: How is the KMS Key configured?

I am a little confused as to how a cipher text blob is decrypted with the AWS KMS client. Here is an example from the AWS Docs: // Encrypt a data key // // Replace the following fictitious CMK ARN with a valid CMK ID or ARN String keyId =…
Fergal Rooney
2 votes, 2 answers

How to encrypt and decrypt a string using AWS KMS?

I am trying to use AWS KMS to encrypt and decrypt a simple string, I am using the AWS Javascript SDK to do so, I am able to encrypt and somewhat decrypt the string as there are no errors, But the output of the KMS decrypt method, does not result in…
Dev1ce
2 votes, 1 answer

Encrypted volume and own KMS key with AWS CDK fails

I'm trying to create an EBS Volume with the AWS CDK that is encrypted by my own KMS key in C#, with this snippet: var kmsProps = new EncryptionKeyProps { Description = "Encryption key for Storage", EnableKeyRotation = true, Enabled =…
2 votes, 1 answer

AWS Secret Manager creation with cross account KMS CMK

How to enable encryption at rest with AWS Secret Manager using a KMS CMK from a different account?
Upul Doluweera
2 votes, 1 answer

Decrypt an object in AWS S3 without downloading it to local system

I have an encrypted file at an s3 bucket. I want to decrypt it programmatically without downloading it to my local machine. Is it possible to decrypt an encrypted file without downloading it to my local machine? Things I'm using to encrypt the…
2 votes, 1 answer

DynamoDB, can't save encrypted data, "not authorized to perform: kms:GenerateDataKey on resource"

I'm trying to save encrypted data to DynamoDB with the help of the "Amazon DynamoDB Encryption Client for Java". I also use the Serverless framework to deploy my application (some Lambda functions using DynamoDB). The AWS Lambda functions are…
user3791111
2 votes, 1 answer

Boto3 AWS KMS encrypt and decrypt file

I have a Python script trying to encrypt a file with AWS KMS using boto3. I can get the file encrypted and written into a file. But when I tried to decrypt the file using the second part of the code, it raised an error as below, could someone help on this…
Bruce Zhao
2 votes, 1 answer

Loading a custom ApplicationContextInitializer in AWS Lambda Spring boot

How to load a custom ApplicationContextInitializer in Spring Boot AWS Lambda? I have an AWS Lambda application using Spring Boot, I would like to write an ApplicationContextInitializer for decrypting database passwords. I have the following code…
2 votes, 2 answers

Unable to download files from S3 after KMS encryption

Using Terraform I am able to create an S3 bucket with KMS encryption enabled. But when I try to download any file from the S3 KMS-enabled bucket, it fails to download saying Access Denied Error logs:- download failed:…
asur
2 votes, 1 answer

Is it possible to encrypt Lambda environment variables with the default KMS?

In the AWS Console under "Encryption configuration", I noticed I can't encrypt my environment variables using the default Lambda KMS. Am I missing something? Or do I have to create my own key to enable encryption at rest?
Gambit2007
2 votes, 1 answer

Aws S3 etag not matching md5 after KMS encryption

All- We are working on migrating some confidential & regulatory information from Local UNIX file system to S3. The files are copied using AWS EC2 instance into S3 using "aws s3 cp --sse aws:kms --sse-kms-key-id....... " command. What I have noticed…
Richard
2 votes, 0 answers

Why does AWS/KMS restrict ListAliases to the current account?

KMS allows you to grant access to keys in other accounts in order to perform operations like Encrypt, Decrypt, and GenerateDataKey. Meanwhile, the kms:ListAliases docs state: "You cannot list aliases in other accounts." Would be nice if I could…
Marc Swingler
2 votes, 5 answers

AWS SSM Parameters Store

Is there any way to just nuke / remove all items in AWS Parameters Store? All the command lines I found are to remove it either one by one or remove it given a list of names. I also tried using aws ssm delete-parameters --cli-input-json…
Harts
2 votes, 2 answers

AWS EMR - Write to S3 Using the Correct Encryption Key

I have an EMR cluster (v5.12.1) and my S3 bucket set up with encryption at rest using the same AWS SSE-KMS key. Reading the data from S3 works fine, but when I write to my S3 bucket using a PySpark script - the parquet files are encrypted using the…
minus34