Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
11
votes
2 answers

Getting the error in using Terraform for AWS: "The new key policy will not allow you to update the key policy in the future."

Running terraform for creating a key policy in AWS KMS I am getting the error: aws_kms_key.dyn_logs_server_side_cmk: MalformedPolicyDocumentException: The new key policy will not allow you to update the key policy in the future. status code: 400,…
Alex
11
votes
1 answer

How to encrypt AWS Lambda environment variables using CloudFormation

I am working on an AWS CloudFormation template that includes a Lambda function with sensitive environment variables. I'd like to set up a KMS key and encrypt them with it, which is easy to do in the console but proving very difficult to do in…
10
votes
4 answers

What are the differences between AWS Cloud HSM and KMS?

I am trying to understand the key management services in AWS (Amazon Web Services) and I can see that Amazon recommends more AWS Key Management Service (KMS) over Cloud Hardware Security Module (Cloud HSM). But I am having a hard time finding the…
user11607387
10
votes
2 answers

How to use Fn::If with array values in cloud formation templates

I am working on a cloud formation template for a KMS key. In the policy document I want to set the principals depending on the stage (whether it is prod or test). I can use Fn:If easily if there is only one principal for both stages. But I have…
SanD
10
votes
1 answer

Difference between KMS encryption and S3 SSE

Is there any difference if I KMS encrypt a file and push that file to S3 bucket vs put the file to S3 bucket using SSE KMS encryption?
Punter Vicky
10
votes
2 answers

NodeJS AWS KMS Decryption in Lambda

Let me start out by saying that it feels like this question is asked a lot, but none of the answers in the questions seem to resolve the issue I'm experiencing. I am writing a lambda function in NodeJS. Everything about it works great except for…
Lisa
10
votes
2 answers

AWS SSM Parameters GET using KMS decryption

Scenario: One of our scripts uses boto3 kms api to PUT and GET SSM parameters with KMS encryption and decryption. SSM param put works perfectly fine and parameters are added (with decryption as true) with secure string in the EC2 SSM param…
Vishal
10
votes
2 answers

AWS Rest API without SDK

For a variety of reasons I can't use AWS SDKs and have to make rest calls to the APIs. I've figured out authentication but need to understand what resources to call. Most of the AWS documentation points to their SDKs. How can I figure out Rest Calls…
sparkFinder
9
votes
2 answers

AWS-CDK: Passing cross-stack references props between multi region (cross-region) stacks in AWS-CDK

I have to deploy one stack, let's call it the parent stack, in one region. Then a second stack (child) needs to be deployed, in another region. The region of the second stack (child stack) can not include the region where the parent was deployed. The…
9
votes
2 answers

Use Terraform to update a KMS Key Policy

Does anyone know how I would get Terraform to UPDATE an existing KMS Key policy? I already have the KMS Key(s) created but I have a temporary IAM role that needs to use an existing KMS key. I would like to be able to add this "new" IAM role to the…
SnazzyBootMan
9
votes
3 answers

A client error (InvalidCiphertextException) occurred when calling the Decrypt operation:

When I am trying to execute the command: aws kms decrypt --ciphertext-blob fileb://CPOEncrypted.txt --output text --query Plaintext I am getting the below error and I am suspecting that ciphertext issue. A client error (InvalidCiphertextException)…
Sai
9
votes
1 answer

How to manage Asymmetric (Public/Private) Keys in AWS

I need to develop a solution to store both symmetric and asymmetric keys securely in AWS. These keys will be used by applications that are running on EC2s and Lambdas. The applications will need to be set up with policies that will allow the…
8
votes
1 answer

getSecretValue callback is not working in AWS Lambda

I'm trying to retrieve Secret Value from AWS Secret Manager using aws-sdk for Javascript, I'm using the code snippet provided by Secret Manager, I have included this code in Lambda function, but I can't see any console logs defined inside the…
8
votes
2 answers

How to generate AWS S3 pre-signed URL using signature version 4

I am generating a pre-signed URL in a C# .NET Core 2.0 API controller class using the AWSSDK.S3 (3.3.31.11). The resulting URL is intended to be used by a client side Angular application to upload a file to an S3 bucket that is encrypted using…
Robert Lysik
7
votes
2 answers

Using Encrypted EBS Volumes in Auto Scaling Groups with CMK owned by a different AWS account

I'm trying to use Auto Scaling groups in AWS to create and manage instances created from AMIs with encrypted snapshots, which have been encrypted by a CMK owned by a different AWS account. I keep getting the error "Client.InternalError: Client…
D. Cook