1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hello,
The steps mentioned in initialization of cluster like Get the cluster CSR , Sign the CSR are for verifying the identity of the cluster for security reason. Those keys are NOT used for encrypt/decrypt files in S3.
You need to create new symmetric keys in KMS custom key store using https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html#create-cmk-keystore-console Also AWS CloudHSM key stores support only symmetric encryption KMS keys.
If you are concerned about KMS FIPS compliance then recently AWS KMS HSMs upgraded to FIPS 140-2 Security Level 3 https://aws.amazon.com/about-aws/whats-new/2023/05/aws-kms-hsm-fips-security-level-3/
Thanks
répondu il y a un an
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 6 mois