Create Key Management Service
Create KMS
- Access AWS Management Console
- Find KMS
- Select Key Management Service
- In the KMS interface
- Select Customer managed keys
- Select Create
- In the Configure key section
- In this section we will create a symmetric key to encrypt data. You can refer to symmetric and asymmetric keys at AWS Key Management Service
- Key type select Symmetric
- Key usage select Encrypt and decrypt
- Click Next
- In the Add lables section
You can name it differently as you like!
- Alias import
kms-key-encrypt-decrypt
- Next step, scroll down and press Next
- In the Define key administrative permissions section
- Key administrator find kms
- Select kms-key-role
- Key deletion check the line Allow key administrators to delete this key
- Click Next
- In the Define key usage permissions section
- Key usage find kms
- Select kms-key-role
- Click Next
- Next step we scroll down and press Finish
- Notification of successful creation
From section 10 onwards, additional information is for reference only. For the purpose of this lab, we do not need to use this feature!
Auto-key rotation in AWS KMS is a feature that helps you automatically change your encryption keys after a certain period of time (From 90 days and up to 2560 days). This helps increase the security of your data by minimizing the risk of your keys being exposed or compromised. Additional reference link Rotating AWS KMS keys
- You return to the KMS interface
- Select the newly created Key
- Next
- Select Key rotation
- Select Edit
- In the Edit automaton key rotation section
- Select Ebale
- In the Rotation period (in days) section, you can customize how many days to automatically change your encryption key.
