Questions tagged with AWS Key Management Service
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
My company wishes to employ BYOK into KMS for S3 SSE. I'm trying to understand how we would go about rotating keys, and my understanding is that Aliases are the way to go. However, I'm unclear how...
5
answers
0
votes
1015
views
asked 4 years agolg...
Customer wants to know the following:
For some tables in DynamoDB encryption is changed from "Default" to "KMS - AWS Managed CMK". There is an extra cost associated for using KMS which they want to...
1
answers
0
votes
510
views
asked 4 years agolg...
From the documentation, it seems that if you want to use TDE on Oracle on RDS, the TDE master key can be stored:
- In RDS itself (Oracle Wallet) or
- In ClassicHSM.
Do you have any inputs on the...
1
answers
0
votes
722
views
asked 4 years agolg...
Hi forum;
Today I received aws email, alert about 85% of my AWS Key Menagement Service limit is near to end it's free-tier.
So, as I deploy some extra AWS Services to...
Accepted AnswerAWS Key Management Service
2
answers
0
votes
406
views
asked 4 years agolg...
When I do a GetPublicKey of an asymmetric CMK key, I get back 91 bytes. It looks like the last 65 bytes is the actual public key I need (starting at "04"). Can someone describe the format of this...
Accepted AnswerAWS Key Management Service
2
answers
0
votes
310
views
asked 5 years agolg...
I have a "poweruseraccess" policy applied to a "Developer" role in my account that is used by multiple users. This role allows access to AWS resources, as such anyone with this role can...
Accepted AnswerAWS Key Management Service
1
answers
0
votes
766
views
asked 5 years agolg...
The AWS documentation on encryption context ( <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context> ) states that:
_"When an encryption context is provided in an...
2
answers
0
votes
792
views
asked 5 years agolg...
When I run the command **aws kms list-keys**, I can see a Default EBS master key which is enabled. Here is the **describe-key** output;
```
{
"KeyMetadata": {
"Origin": "AWS_KMS",
...
Accepted AnswerAWS Key Management Service
2
answers
0
votes
796
views
asked 5 years agolg...
Hello
I have 4 keys in us-east-1 for RDS, lambda, cloud9 and fsx. however, I have deleted all the resources that were using those keys long time ago but the keys are still there.
Is there any...
2
answers
0
votes
3029
views
asked 5 years agolg...
Hi,
I created a new encryption key and gave user access to aws-elasticbeanstalk-ec2-role. Then, I created a Secret Manager and set the new encryption key as the one for the secret. Then I...
4
answers
0
votes
7899
views
asked 6 years agolg...
Regarding S3 default encryption. If you have S3 default encryption enabled with KMS CMK and then specify the header option (SSE-S3) when putting an object in S3. Does it not apply the default S3...
1
answers
0
votes
501
views
asked 6 years agolg...
KMS Key rotationlg...
Once KMS key rotation is enabled to 1 year rotation (as example, the key was created 13 months back), when would the CMKs be rotated ? Would it be one year once it was enabled or one year after the...
Accepted AnswerAWS Key Management Service
1
answers
0
votes
577
views
asked 8 years agolg...