Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
3 votes, 1 answer

AWS KMS Encryption - Limits of Data Size

I am trying to encrypt a large XML payload using AWS KMS Encryption SDK. I came across this link which states that there is a limit on bytes of data that can be encrypted: You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such as an…
Punter Vicky
3 votes, 1 answer

Issue restoring KMS encrypted backup from S3 to RDS instance

I am attempting to back up a database from a non-AWS instance, push to S3, and then restore that database on an RDS instance. I've successfully pushed the file to S3 with server-side encryption, but I am running into a problem when trying to restore…
3 votes, 2 answers

Does S3 encrypt data in transit?

I am trying to move potentially sensitive data to an S3 bucket from where I can put it into an Amazon Redshift cluster to perform analytics. I am transferring data from our current MySQL tables to CSVs, uploading them to S3, and using COPY to put…
A. Pearson
3 votes, 1 answer

S3 default SSE with KMS still requires a parameter for aws-cli

I've created an S3 bucket and configured default SSE to use KMS. I can upload a file to the bucket with aws-cli provided I pass the --sse aws:kms flag, e.g.: aws s3 cp --sse aws:kms test.txt s3://my-bucket But I expect this to work without the…
allsap
3 votes, 0 answers

AWS - Allow other Account to read and decrypt DynamoDB data with KMS (Java)

I have an account A, which has a DynamoDB Table with the contents encrypted using a KMS key, also in account A. I want to give access to account B so that it is able to read DynamoDB data and decrypt it using the same KMS key. First Step: DynamoDB…
Bonton255
3 votes, 1 answer

Can aws_kms_ciphertext output be stable

In my terraform config I have aws_kms_ciphertext data sources whose ciphertext_blob attribute changes on every terraform apply. As an example... variable "profile" { type = "string" } provider "aws" { region = "us-west-2" profile =…
Stephen Paulger
3 votes, 0 answers

MS SQL Extensible Key Management Using AWS KMS

On Azure, there is Azure Key Vault MS SQL Server Connector to store Transparent Data Encryption keys in the key vault instead of locally. Is there a solution to store on AWS KMS? Note: I can't use AWS RDS due to some unsupported features. If…
Jeow Li Huan
3 votes, 2 answers

Disadvantage of using Amazon KMS to encrypt / decrypt small application data

A pair of Amazon Lambdas will symmetrically encrypt and decrypt a small piece of application data. I want to use Amazon KMS to facilitate this, because it solves the problems of secret storage and key rotation, and then some. The Amazon KMS…
Daniel B.
3 votes, 1 answer

Nodejs async issue while decrypting aws kms keys

I have a lambda function in node6 which has 5 env variables all encrypted with aws kms. I have the following method which takes an encrypted key and returns a decrypted key. function decryptKMS(encryptedKey) { console.log('inside decryptkms'); const…
NPCRNPCR
3 votes, 1 answer

Filter AWS KMS Keys by Tag or by current role which has encrypt/decrypt permissions?

I am writing an API to display a list of kms keys to the user. Based on user selection I need to use that particular KMS key for encryption. Currently, I am displaying all the KMS keys. But I am facing issues while encrypting/decrypting because…
Gangaraju
3 votes, 1 answer

Download and decrypt encrypted AWS CloudTrail log in the bucket

I am trying to download CloudTrail's log file that is stored in an S3 bucket but when I received the file it is unreadable until I realize that it could be encrypted as per say here and I don't know how to decrypt the file. Here is my code: …
Ihsan Haikal
3 votes, 2 answers

Where to store configuration for an application store in AWS

I am building an AWS application that uses EC2, lambda, API gateway, S3, SQS and other services. Is there a mechanism to store global application settings that can be shared among many components? I'd like to avoid having environment variables set…
user3429660
3 votes, 1 answer

How does parquet encryption work in AWS EMR?

I'm looking at the AWS documentation for enabling encryption on EMR, but I can't find any information on how this impacts the performance of Parquet files. Can EMR still take advantage of Parquet when optimizing queries? Examples: select count(1)…
Upio
3 votes, 1 answer

How to encrypt data using KMS key in AWS Powershell script

I am trying to encrypt a text using AWS KMS and creating a powershell script. So I used New-KMSDataKey to encrypt my KMS master key which in output returns plaintextDataKey and ciphertextblob. Now I am using plaintextDataKey to encrypt my plaintext…
Atihska
3 votes, 2 answers

AWS Java SDK: Specifying KMS Key Id For EBS

In the AWS Java SDK 1.10.69, I can launch an instance and specify EBS volume mappings for the instance: RunInstancesRequest runInstancesRequest = new RunInstancesRequest(); String userDataString =…
sydraz