Does EventBridge support CMK KMS keys for encryption at rest?
Looking at https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-data-protection.html and in console, I am leaning towards thinking that EventBridge does support only AWS Owned keys when encrypting data at rest, rather than customer-managed ones.
Is it so?
- Newest
- Most votes
- Most comments
The way it reads to me, they do not support cmk as per your conclusion.
It seems eventbridge behaves similarly to other AWS services that do not have the ability to use a cmk from KMS.
One other example of this would be S3 audit logs which have to be delivered to an S3 bucket only encrypted with a AWS managed key and not cmk.
I believe there’s no way either for EB to assume a service linked role within your account either.
If you find this to be inaccurate, please let me know. I’d sure be interested.
Event bridge doesn't support KMS CMK for data encryption at rest.
I'd imagine, if there is any requirement of having KMS CMK for data encryption at rest and if event bridge scheduler can fit in your requirement, then you can consider event bridge scheduler, which support KMS CMK(symmetric key encryption). Look at Data Encryption in Eventbridge Scheduler.
Comment here, if you have any additional questions.
Relevant content
- asked 2 years ago
- asked 3 days ago
- asked 2 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
