All Content tagged with AWS Key Management Service
AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.
437 results
In [Amazon EC2 instance attestation documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm-attestation.html) there are instructions how to build an AMI, get PCR values for the ima...
1 answer, 0 votes, 51 views
Jason Shen (SUPPORT ENGINEER), published 22 days ago, 0 votes, 103 views
After Amazon GuardDuty Malware Protection for S3 scans an uploaded object, you might want to automatically move clean files to a trusted bucket and quarantine infected files. This article shows how to...
Dennis_O (EXPERT), published a month ago, 2 votes, 125 views
For sensitive caller inputs (PAN, CVV, authentication codes), post-call redaction is not enough: PCI DSS v4.0 requires CVV is never stored after authorization and PAN only stored encrypted. This articl...
Dennis_O (EXPERT), published a month ago, 1 vote, 84 views
Connect encrypts customer content at rest by default with a service-managed KMS key, but customers in regulated industries (PCI DSS v4.0, GDPR, HIPAA) typically need full key control — independent rot...
I'm trying to import an external AES-256 KEK into AWS Payment Cryptography
using DiffieHellmanTr31KeyBlock in ap-southeast-1. Every attempt returns:
ValidationException: KeyBlock data in the importe...
1 answer, 1 vote, 42 views, asked a month ago
Naveen Jagathesan (EXPERT), published a month ago, 0 votes, 113 views
Running Spark on EMR with KMS-encrypted S3 data? Every object read triggers a kms:Decrypt API call — and at scale, those costs add up fast. If your compliance requirements prevent switching to S3 Buck...

AWS OFFICIAL, updated 2 months ago, 0 votes, 229 views
This article shows you how to create a fallback mechanism to add resiliency to authentication in the AWS Management Console.
I would like to use AWS KMS for code signing. Additionally, I would like to publish transparency logs as an assurance that the signing key has not signed unknown code. However CloudTrail logs don't in...
1 answer, -1 votes, 68 views, asked 2 months ago
We store our passwords for our endpoints in secrets manager. These rotate every 7 days. We are noticing when the password rotates, the CDC then fails.
Is there a way to keep DMS updated with secrets ...
3 answers, 0 votes, 88 views, asked 2 months ago
Taylor Moss (EXPERT), published 2 months ago, 2 votes, 265 views
I want to understand how IAM roles and permissions work with AWS Backup, and how to troubleshoot permission-related failures for backup, restore, and copy jobs.
Nymus Booysen (EXPERT), published 3 months ago, 0 votes, 458 views
This article provides general guidance on migrating Security, Identity and Compliance resources from one region to another.

I’m trying to validate a cross-organization backup copy scenario and would appreciate clarification.
**Scenario**
* Account A1 in...
1 answer, 0 votes, 126 views, asked 4 months ago