Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
5 votes · 1 answer

Cross account access to AWS SQS with Server-side Encryption enabled

Context: There is an API that lives in AWS account 2, takes an SQS URL as one of its inputs, and publishes output to it. The owner of account 1 wants to use this API with his own SQS queue. Account 1 has an SQS queue with SSE-KMS enabled. Owner of account 1…
Tofig Hasanov • 3,303 • 10 • 51 • 81
5 votes · 2 answers

AWS permissions required to copy and encrypt AMI

I am trying to copy an AMI from one AWS account to another and encrypt it with a CMK in the target account. The key policy on the CMK is: { "Version": "2012-10-17", "Id": "key-default", "Statement": [ { "Effect": "Allow", …
smilin_stan • 1,693 • 2 • 28 • 40
5 votes · 1 answer

AWS: Decrypt SES/KMS encrypted mails

Today I was playing around with the SES email receiving rule sets. I defined an S3 bucket to save the incoming mails to. I also checked the "Encrypt Message" option with the default KMS master key for SES. After doing that I realized that I don't…
0s1r1s • 1,723 • 1 • 13 • 15
5 votes · 1 answer

DynamoDB: can we use encryption and cross-region replication together?

DynamoDB: can we use encryption and cross-region replication together? We are evaluating DynamoDB for our new application. Our requirements are: data encryption at rest; cross-region replication for disaster recovery. Our app in a region must rely…
5 votes · 2 answers

Is there a way to sign CloudFront URLs using Amazon KMS keys?

I have been able to sign CloudFront URLs using private keys, but keeping private keys secure is difficult. I am thinking about using KMS to keep the private keys secure. Is there a way to sign URLs using the keys stored in Amazon KMS?
Nas • 51 • 2
4 votes · 1 answer

AWS - Can a KMS replica key be created in a different account from the primary?

If I created a multi-region CMK in account A, would I be able to create replica keys in another account in a different region, assuming the right permissions are granted? Or must replica keys be created in the same AWS account?
Adrian Pang • 1,125 • 6 • 12
4 votes · 1 answer

Decrypting Amazon SP API Report Document using Python. AES, CBC, base64

I am trying to decrypt the report document. I have the following details for decryption: { "payload": { "reportDocumentId": "XXXX", "encryptionDetails": { "standard": "AES", "initializationVector": "XXXX", "key":…
4 votes · 3 answers

Parameter Store Vs Encrypted Environment Variables for Lambda

I recently was getting ready for the Security Speciality Exam, and I got a question asking me to choose between using the Parameter Store to store a secret database connection URL, which could hold passwords, or using KMS-encrypted environment variables in…
Derrops • 7,651 • 5 • 30 • 60
4 votes · 0 answers

Getting invalidCiphertextException: null when decrypting data which was encrypted with KMS public key

I am building a POC based on asymmetric encryption where the public key from KMS will be downloaded and used on the client side to encrypt sensitive data, and once that data is received at the server end it needs to be decrypted using KMS decrypt…
4 votes · 2 answers

"EC2 Metadata roleName request returned error" using aws encryption library with NestJS

I am trying to use the AWS Encryption SDK in a NestJS application; the following source code shows the implementation. import { Controller, Get } from '@nestjs/common'; import {KmsKeyringNode, encrypt} from…
Alfonso • 71 • 1 • 1 • 6
4 votes · 1 answer

Grant usage of default KMS keys to IAM Roles with CloudFormation

We have a number of SecureString SSM Parameter Store values created via our bash script automations. These are encrypted with an environment-specific KMS key + Alias created via CloudFormation. Also in the templates are IAM Roles for our EC2…
x3nr0s • 1,946 • 4 • 26 • 46
4 votes · 1 answer

How do I verify a digital signature outside AWS using Java security APIs when I have used AWS KMS to create the signature?

I have used AWS KMS to create a signature. Now I need to verify the signature outside AWS using Java security APIs. Although I am able to get a public key successfully, the verify method returns false every time. I used BouncyCastleProvider but was…
4 votes · 1 answer

AWS EMR encrypt S3 bucket using KMS

I have the situation below for my EMR; can someone please guide me on how to configure it? The EMR cluster performs multiple operations across the data pipeline: EMR writes to S3BUCKET1 with KMSKEY1; EMR writes to S3BUCKET2 with KMSKEY2. How…
Richard • 381 • 2 • 4 • 22
4 votes · 1 answer

Adding a PEM private key to AWS KMS

I received a PEM file from GitHub that I am writing an application for on AWS. GitHub requires a JWT to be signed using this key in order to authenticate the service. As the app is running on AWS, the most secure way to store and use the private key…
Stuart Buckingham • 1,574 • 16 • 25
4 votes · 0 answers

Elastic Beanstalk environment variables encryption using KMS

I'm working on an application which is hosted on AWS Elastic Beanstalk. I'm storing a few keys and passwords as environment variables within Elastic Beanstalk. These variables are loaded into Java fields using @Data and @Value annotations. I want…
Arun Selin • 603 • 4 • 11