Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
4 votes, 2 answers

"Failed to fetch a list of secrets" on AWS Secrets Manager console?

Has anyone noticed some unpredictable failures on AWS Secret Manager when trying to retrieve secret values? I'm using my own encryption key, and I've found that frequently, I am getting a "Failed to fetch a list of secrets" error on the AWS console…
4 votes, 3 answers

Can an SSE:KMS Key ID be specified when writing to S3 in an AWS Glue Job?

If you follow the AWS Glue Add Job Wizard to create a script to write parquet files to S3 you end up with generated code something like this. datasink4 = glueContext.write_dynamic_frame.from_options( frame=dropnullfields3, …
Stephen Paulger
4 votes, 3 answers

Amazon S3: Encrypt messages coming from Amazon SES

I am using Amazon SES to receive emails, which are then stored in Amazon S3 through a rule set. These messages are then retrieved by my program, written in Java. The whole process is currently working like a charm. The troubles come when I try to…
Cccompany
4 votes, 1 answer

AWS CloudFormation Autoscaling create encrypted EBS root volume with customer key

As a requirement I need to have all my EBS volumes encrypted with a customer KMS (and not the default aws/ebs one). In the LaunchConfig's BlockDeviceMappings properties I do see a property "Encrypted" but I do not see any way of specifying a custom KMS I…
4 votes, 2 answers

AWS Encryption SDK Encrypt/Decrypt with Data Key

I'm attempting to encrypt data using KMS and the AWS Encryption SDK. Looking at the example provided in the AWS documentation, it appears that there is nowhere to explicitly set the data key. I've found API documentation for the…
Weston Sankey
4 votes, 2 answers

How to see AWS KMS events on AWS CloudTrail?

I am using AWS KMS to encrypt and decrypt some data. I want to track all KMS accesses using AWS CloudTrail. When I open my CloudTrail events page, I can't see KMS-related events. On the KMS documentation page, it is mentioned that KMS events are logged…
Naveen
4 votes, 2 answers

Key Management Services

What algorithms or encryption methods are used behind Amazon Key Management Services? I searched for it but found only configuration related information instead of Integration information.
4 votes, 2 answers

AWS SSM Parameter Store with CloudFormation

From the CFN docs I can see that I can create an AWS::SSM::Parameter. I also see how I can create a KMS Master Key. However the type parameter on the SSM:Parameter in the doc page does not list the secure string type. Is there a way that I can do…
4 votes, 1 answer

failing to decrypt blob passwords only once in a while using amazon kms

import os, sys AWS_DIRECTORY = '/home/jenkins/.aws' certificates_folder = 'my_folder' SUCCESS = 'success' class AmazonKMS(object): def __init__(self): # making sure boto3 has the certificates and region files result = os.system('mkdir -p…
WebQube
4 votes, 1 answer

AWS: Using a KMS-encrypted master password to create a RDS instance

When creating a new RDS instance on AWS via the aws cli tools, is it possible to use a master password which is encrypted with an AWS KMS key? E.g. using this command: http://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html I'm…
derFunk
4 votes, 1 answer

Require KMS encryption with specific key ID in S3 bucket policy

I'm trying to require all objects put into a bucket to be encrypted with a specific KMS key. I've managed to require KMS encryption, but the key specification does not work. Here is the current policy I have (sans real bucket names and ids): { …
dagvl
4 votes, 0 answers

Can't Delete an Encryption Key Created by Amazon SES

I was messing around with AWS SES for the first time, and let the service create some default encryption keys for a new organization to encrypt emails. However, when I deleted that organization, the keys stayed behind. I am now unable to schedule…
Rabadash8820
4 votes, 1 answer

AWS S3 server side encryption using CLI

I'm trying to use server side encryption having AWS KMS setup to upload objects to S3. The documentation says that the uploaded objects should be encrypted; Server-side encryption is about data encryption at rest—that is, Amazon S3 encrypts your…
vtor
4 votes, 3 answers

Getting the KMS key from KMS CipherTextBlob

How do I get the KMS key information from the ciphertext blob? Taking the example from the aws website AWS KMS doc aws kms encrypt --key-id 1234abcd-12ab-34cd-56ef-1234567890ab --plaintext fileb://ExamplePlaintextFile --output text --query…
Malcolm O'Hare
4 votes, 0 answers

How to use AWS KMS for column level encryption on SQL Server

Can we use AWS KMS to enable column encryption on SQL Server Database (Web Edition) available. The Database Server is available on AWS itself. Please let me know your thoughts. Thanks in Advance!