Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
6
votes
2 answers

AWS Glue reading S3 file client-side encryption using AWS KMS

Is it possible to crawl S3 file encrypted using CSE-KMS in AWS Glue? I know that Athena can do that, but haven't found similar functionality in Glue crawler
Tofig Hasanov
6
votes
1 answer

Error while decrypting file using KMS key in Amazon S3

I am trying to use Amazon S3 as a file system with encryption. I am successfully able to achieve uploading file on AWS S3 server using KMS Encrypted key (Server side Encryption). Please find below working code : For Encrypt: private static final…
6
votes
2 answers

How to properly encrypt Elasticsearch instance with KMS

I will use my Rails/Mysql/Elasticsearch for processing some sensitive data, so I want to encrypt my data at rest. It is clear to me that I can use AWS KMS to encrypt data in Mysql. It's important for me that this encryption is transparent for my…
borisano
6
votes
4 answers

How to use AWS KMS in AWS lambda

I've just started to work with AWS services, particularly AWS Lambda. Is there a way to use AWS KMS service from within Lambda code (Java). I'd like to use KMS to decrypt an encrypted externalized (read from a property) secret. My Lambda code is…
vutbao
6
votes
2 answers

AWS KMS - Store/Use Ciphertext Blob

I'm just getting myself setup with the AWS Key Management Service and am calling the method generateDataKey. The method is working and returning the CiphertextBlob and the Plaintext blob. However, the blobs are formatted something…
Jason
5
votes
1 answer

AWS Systems Manager + CodeDeploy + Lightsail

I want to use AWS Systems Manager Store Parameters with my CodeDeploy pipeline, dropping my last commit on Lightsail. ✅ 1. I created an SSM parameter: MySecureString. The parameter is set as SecureString with KMS encryption set on Actual account…
5
votes
1 answer

Permissions required for Lambda to access KMS

I'm using AWS CDK. I have created Customer Managed CMK KMS key to enable Server Side encryption on dynamoDB tables. KMS Key Policy: public static getKMSKeyPolicyDocument(): PolicyDocument { return new PolicyDocument({ statements: [ …
5
votes
1 answer

AWS Error Message: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4

I am facing the following error while writing to S3 bucket using pyspark. com.amazonaws.services.s3.model.AmazonS3Exception: Status Code: 400, AWS Service: Amazon S3, AWS Request ID: A0B0C0000000DEF0, AWS Error Code: InvalidArgument, AWS Error…
5
votes
1 answer

Why do some AWS KMS keys only show Policy View?

I have two KMS "Customer Managed Keys" in the same region. One of them has a button that switches between Default View and Policy View... And the other only shows Policy View... What is the explanation for this inconsistency?
Ian Warburton
5
votes
2 answers

Administrator cannot encrypt/decrypt in AWS KMS

I am using the Key Management service (KMS) in AWS and am currently setting up key policies. I created two roles KmsUser and KmsAdmin and attached the following key policy to my CMK: { "Version": "2012-10-17", "Statement": [ { "Sid":…
mat
5
votes
2 answers

How to get KMS KeyId using alias?

I'm using the awssdk v2: https://sdk.amazonaws.com/java/api/latest/ I want to put objects in S3 using a customer-managed KMS key for encryption at rest, I'm using sse-c to achieve this. However, it seems to always default to the AWS managed key as…
px06
5
votes
1 answer

AWS KMS retire vs revoke grant

I'm managing KMS permissions to CMK's across AWS accounts, to prove an account with access to another account's KMS key(s) I'm using Grants rather than policies since AWS suggests they're more temporary which fits my need for all intents and…
Tom Nijs
5
votes
2 answers

Decrypting keys from aws-kms in Ruby

I’m using serverless-kms-secrets on serverless framework to set some ENV variables I want to consume using Ruby. I can confirm that the plugin works perfectly, it generated the file with the encrypted variable and I can see the encrypted variable in…
ngw
5
votes
1 answer

Kinesis Firehose KMS encryption

I'm setting up a Kinesis Firehose delivery stream to S3, and I noticed you can set a custom KMS key to be used for encrypting the files on S3. However, if the S3 bucket already has KMS encryption enabled, files would be encrypted anyway. The…
JHH
5
votes
1 answer

Unable to read or write any files using AWS Transfer for SFTP when using KMS encryption key

I've set up a server under Amazon's new AWS Transfer for SFTP managed SFTP service according to the user guide, but I've been unable to get it to work with a KMS encryption key. My SFTP client can authenticate fine, but when I attempt to put a file,…
Jud