amazon-kms Questions

3

Solved

I've set up a CMK (Custom Managed Key) to encrypt LogGroups with AWS Systems Session Manager: First, permissions for "key administrators" and "key users/roles" are added in the...
Caryncaryo asked 1/7, 2020 at 4:49

4

How exactly does encryption key rotation work? I understand it's a very good practice to continuously rotate your encryption keys for security purposes, but rotating a key would require too much wo...

7

Solved

I am trying to set up minimal permissions for doing aws rds copy-db-snapshot with a KMS encryption key: $ aws rds copy-db-snapshot --source-db-snapshot-identifier rds-backup-share- mysql --target-d...
Schock asked 22/8, 2017 at 15:1

2

Solved

I have multiple IAM roles (up to 100) required to use this KMS key. Instead of listing all the IAM roles in the KMS key policy, is there any way I can wildcard or condition it? { "Sid": "...
Vulvitis asked 6/1, 2023 at 10:49

4

Solved

I am trying to understand the key management services in AWS (Amazon Web Services) and I can see that Amazon recommends more AWS Key Management Service (KMS) over Cloud Hardware Security Module (Cl...
Tindall asked 8/5, 2021 at 10:11

2

Solved

Let me start out by saying that it feels like this question is asked a lot, but none of the answers in the questions seem to resolve the issue I'm experiencing. I am writing a lambda function in N...
Janinajanine asked 3/1, 2019 at 17:17

4

Solved

I have code that retrieves a string that was encrypted using Amazon's aws kms encrypt function. I would like to call aws kms decrypt to get back the unencrypted value, but I would like to do this w...
Woolgrower asked 28/3, 2018 at 14:28

4

Solved

I have a lambda which accesses the S3. Before, this lambda program worked well. But recently I changed KMS key of S3 or some other security group setting, (lambda source code doesn't change) There ...
Blakely asked 23/6, 2022 at 11:32

3

I'm writing a serverless function on AWS Lambda. On certain instances I need to use kms:GenerateDataKey* permissions. What exactly is the purpose of this. I checked the AWS documentation but it is ...
Aronoff asked 14/11, 2019 at 5:54

2

I am generating a pre-signed URL in a C# .NET Core 2.0 API controller class using the AWSSDK.S3 (3.3.31.11). The resulting URL is intended to be used by a client side Angular application to upload ...
Juryrig asked 25/1, 2019 at 16:40

2

I am trying to use aws encryption sdk in a NestJS application, the next code source shows the implementation. import { Controller, Get } from '@nestjs/common'; import {KmsKeyringNode, encrypt} fro...
Expand asked 9/6, 2020 at 11:53

2

Solved

I have to deploy one stack, let's call it the parent stack, in one region. Then a second stack (child) needs to be deployed in another region. The region of the second stack (child stack) cannot incl...

13

Solved

I have a boto3 client: boto3.client('kms') But it happens on new machines; they open and close dynamically. if endpoint is None: if region_name is None: # Raise a more specific error messa...
Unrelenting asked 2/11, 2016 at 10:30

3

When I am trying to execute the command: aws kms decrypt --ciphertext-blob fileb://CPOEncrypted.txt --output text --query Plaintext I am getting the below error and I am suspecting that cipherte...
Taxiway asked 12/7, 2017 at 16:17

5

Solved

When decrypting ciphertext from the command line using the AWS CLI, the ciphertext gets decrypted without issues: $ aws kms decrypt --ciphertext-blob fileb://encrypted-secrets --output text --quer...

2

Solved

I am trying to copy an AMI from one AWS account to another and encrypt it with a CMK in the target account. The key policy on the CMK is: { "Version": "2012-10-17", "Id": "key-default", "State...

2

I want to encrypt values in one column of my Pandas (or PySpark) dataframe, e.g. to take the column mobno in the following dataframe, encrypt it and put the result in the encrypted_value column...
Copestone asked 3/6, 2019 at 13:37

3

Solved

I would like to use AWS's Server Side Encryption (SSE) with the AWS Key Management Service (KMS) to encrypt data at rest in S3. (See this AWS blog post detailing SSE-KMS.) However, I also have the...

2

Solved

I am working on a cloud formation template for a KMS key. In the policy document I want to set the principals depending on the stage (whether it is prod or test). I can use Fn:If easily if ther...
Rufus asked 10/7, 2019 at 12:13

2

Solved

I am using the Key Management service (KMS) in AWS and am currently setting up key policies. I created two roles KmsUser and KmsAdmin and attached the following key policy to my CMK: { "Version"...

3

Solved

I am working with the AWS SDK using the KMS library. I would like to use async and await instead of callbacks. import AWS, { KMS } from "aws-sdk"; this.kms = new AWS.KMS(); const key = await this...
Hogweed asked 13/7, 2018 at 15:18

2

I'm just getting myself setup with the AWS Key Management Service and am calling the method generateDataKey. The method is working and returning the CiphertextBlob and the Plaintext blob. However,...
Territus asked 23/6, 2015 at 20:22

1

Solved

I am trying to use Amazon S3 as a file system with encryption. I am successfully able to achieve uploading file on AWS S3 server using KMS Encrypted key (Server side Encryption). Please find below ...
Spoonbill asked 29/6, 2017 at 6:10

3

Solved

I recently was getting ready for the Security Speciality Exam, and I got the question to choose between using the Parameter Store to store a secret database connection URL which could hold password...
Danita asked 30/10, 2020 at 11:0

2

I want to create a KMS key using CloudFormation. I want to be able to provide the user executing the cloudformation YAML file (I'll call them "cloudformation-runner"), administrative access to the ...
Staccato asked 20/10, 2018 at 15:39
