Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
7
votes
2 answers

How AWS KMS determine which key to use when decrypt?

I'm confused on how the aws-kms select which key to use to decrypt a ciphertextblob? When calling the decrypt method, no key information is provided.
xiaobing
7
votes
1 answer

AWS KMS Decrypt Error Credstash

My AWS account is in the us-west-2 region, and the KMS key created in that account has ARN arn:aws:kms:us-east-1::key/. In my node module, I am using Credstash to decrypt the key which is encrypted using the KMS key. var credstash = new Credstash({…
Anil Bhaskaran
7
votes
2 answers

How do I write the policy statement of an encrypted SQS for S3 events?

I have an SQS queue which used to have the following policy doc. for receiving S3 events from a bucket: { "Version": "2008-10-17", "Id": "example-ID", "Statement": [ { "Sid": "example-statement-ID", "Effect": "Allow", …
Dawny33
7
votes
2 answers

Encryption and Decryption file in s3 using Nodejs with AWS KMS

I am using AWS KMS to encrypt file to s3 bucket. I'm currently doing this using the AWS console, but I'd like to do this using Nodejs. I just checked some of the things but I am not getting any clear idea about the encryption and decryption using…
Team
7
votes
2 answers

InvalidCiphertextException when calling kms.decrypt with S3 metadata

I can add a client-side encrypted file via the Java SDK, and I can fetch the file too. I'm now trying to access it with boto3. (I know boto3 doesn't have support for this, but s3-wrapper does. This concerns boto3, though). I'm getting the s3…
tedder42
6
votes
1 answer

Sharing an AWS managed KMS key with another account

I have an s3 folder that has encrypted objects in it. It is encrypted with the AWS KMS managed keys, not a custom key. I need another AWS account to be able to copy files from this bucket. From what I can tell, I can't share this KMS key across…
sebastian
6
votes
1 answer

understanding kms policy?

I have an IAM group called group-dev and a couple of users attached to this group. I have a custom IAM policy (below). Does this IAM policy alone be sufficient for users in that group to encrypt and list kms keys? Basically my goal is to create IAM group…
user6826691
6
votes
1 answer

KMS permissions for encrypted CloudWatch LogGroups with AWS Systems Session Manager

I've set up a CMK (Custom Managed Key) to encrypt LogGroups with AWS Systems Session Manager: First, permissions for "key administrators" and "key users/roles" are added in the KMS console. Next, the CMK is attached in AWS Systems Manager Session…
6
votes
1 answer

Encrypted bucket notifications from S3 to SQS

How can I set up S3 bucket notifications to a queue in SQS where KMS are used on both the bucket and the queue? I have a bucket in S3 where the contents are encrypted with an AWS Managed Key (the aws/s3 default key). I have a queue in SQS where SSE…
Nic
6
votes
2 answers

How to encrypt a column in Pandas/Spark dataframe using AWS KMS

I want to encrypt values in one column of my Pandas (or PySpark) dataframe, e.g. to take the column mobno in the following dataframe, encrypt it and put the result in the encrypted_value column: I want to use AWS KMS encryption key. My question…
mLC
6
votes
1 answer

Why AWS CloudWatch Alarm cannot send notification to encrypted SNS Topic?

I set up alerts to notify me if my lambda function memory usage is more than 80% of the lambda memory size. I'm capturing the data points using custom metrics and I am able to see the alerts in the cloudwatch console when the memory usage is…
Nisman
6
votes
1 answer

How to get an AWS SSM Key Arn from an Alias using CloudFormation?

Is it possible to get a KMS Key ARN using CloudFormation using an alias? I want to give specific permissions to a Key in my AWS Account. Something like the following? - Effect: Allow Action: kms:Decrypt Resource: - 'Fn::GetAtt': …
Claudiordgz
6
votes
2 answers

CloudFormation KMS Encryption Questions

Given a CloudFormation template that defines: A KMS Key A KMS Key Alias An S3 bucket If for some reason I need to delete the CloudFormation stack and re-deploy, the deletion retains the KMS Key and Alias that was created. (This is sensible, I…
6
votes
1 answer

Can AWS S3 default encryption use a KMS key owned by another account?

I want to use the relatively new S3 default encryption property to ensure that all objects written to a particular prefix in an S3 bucket are encrypted. In this case, I need to be able to specify a KMS key owned by a different AWS account as the…
Mike Kantor
6
votes
3 answers

How can a Cloudfront distribution an AWS KMS key to GET an S3 image encrypted at rest?

I would like to use AWS's Server Side Encryption (SSE) with the AWS Key Management Service (KMS) to encrypt data at rest in S3. (See this AWS blog post detailing SSE-KMS.) However, I also have the requirement that I use Cloudfront Presigned URLs.…