Questions tagged with AWS Key Management Service
AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.
Content language: English
Filter questions
Select tags to filter
Sort by
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
402 results
Hi all
I'm trying to update (adding new policy statements) an existing KMS key policy using Terraform. I tried to follow the answers and comments in https://repost.aws/questions/QUFXg8npfcTySJauEPnpF...
asked a year ago
I have a role that is assumed in my account and it has access rights for the S3 bucket within the same account, it also appears to hae the policy/permissions for the KMS key actions to encrypt or decr...
Hi Team
We are trying to create an Iceberg Table through Athena and we need to use the KMS Key of the Location, and therefore we are specifying the property 'has_encrypted_data'='true', as documented...
Issue Description: I am encountering an AccessDeniedException when attempting to access or modify the key policy for my KMS key. Even as the root user, I receive the following error:
An error occurred...
I have a feature to build and the use of HMAC seems to fit. Apparently the general best practice is to create KMS HMAC key and call GenerateMac/VerifyMac. However, it would be too expensive for us if ...
We noticed the kms_key parameter in the latest document: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/postgresql-s3-export-functions.html#aws_s3.export_query_to_s3
But there isn't any...
We are trying to use cross account KMS key sharing. We can successfully use the KMS key to do Envelope encryption from another account by setting up the key policy. But, after we added the condition c...
I need to import a RSA 4096 External key to my KMS. I have followed the steps given in the knowledgebase and also tried to get help from ChatGPT. But nothing seems to work so far.
if i follow the ste...
AWS CloudHSM v5 documentation says, regarding CKA_MODIFIABLE attribute of a secret key
> This attribute is partially supported by the firmware and must be explicitly set only to the default value.
Th...
hi. I added a service control policy to deny any user to delete the kms key. so all account (Except management) cannot schedule a key deletion. actually, when a user tries to delete the key, an error...
asked a year ago
It seems that there is no option to sort the list of KMS keys based on their creation date within the AWS Console. This feature would be incredibly useful for users who manage a large number of keys a...
I am using CMK with KMS for encrypting the snapshots. As per organization policy, CMK must be rotated after every 45 days. Is there a way to automate the re-encryption of existing snapshots using the...
asked a year ago