How To Create A Customer Managed Customer Master Keys (CMKs) In AWS KMS

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In this blog post, we will discuss how to create a customer managed customer master key (CMK) in AWS KMS. More specifically, we will create a symmetric KMS CMK using AWS CLI.

What Is A Customer Managed Master Key (CMK):

Customer master keys are the primary resources in AWS KMS. A customer master key (CMK) is a logical representation of a master key. The CMK includes metadata, such as the key ID, creation date, description, and key state. The CMK also contains the key material used to encrypt and decrypt data. Customer managed CMKs are CMKs in your AWS account that you create, own, and manage. You have full control over these CMKs and usage is charged.

You can create symmetric and asymmetric customer master keys (CMKs). During this process, you determine the cryptographic configuration of your CMK and the origin of its key material. You cannot change these properties after the CMK is created. You also set the key policy for the CMK, which you can change at any time. In this demo, we will create a symmetric key.

You can also create an alias for your CMKs. An alias is a friendly name for a customer master key (CMK). You can use an alias to identify a CMK in the AWS KMS console, in the DescribeKey operation, and in cryptographic operations, such as Encrypt and GenerateDataKey. Aliases also make it easy to recognize AWS managed CMKs. Aliases for these CMKs always have the form: aws/<service-name>.

How To Create A Customer Managed Customer Master Keys (CMKs) In AWS KMS:

Requirements:

AWS CLI installed and configured. You can follow the blog posts below to install and configure AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

Note: Some cost is associated with AWS KMS. For details, please refer to the link below.

https://aws.amazon.com/kms/pricing/

Step 1: Create a new IAM access policy for KMS CMKs.

Step 2: Create a new symmetric KMS CMK using AWS CLI.

Step 3: Get details of KMS CMKs using AWS CLI.

Step 4: Encrypt an AWS resource (S3 bucket in this demo) using the newly created KMS CMK.

Step 5: Cleanup.
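The five steps above as one AWS CLI script. This is an added example, not the commands from the original post. The alias, bucket and policy names are hypothetical placeholders, and the IAM policy is created after the key so that it can name that single key ARN instead of all keys (an assumption about what the access policy should contain).

```shell
#!/usr/bin/env bash
ALIAS="alias/demo-cmk"             # hypothetical alias name
BUCKET="example-demo-bucket"       # hypothetical bucket, must already exist
POLICY_NAME="demo-kms-cmk-access"  # hypothetical IAM policy name

# Step 1 document: IAM policy that only allows *using* one specific key.
iam_policy_json() {  # $1 = key ARN
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Action":["kms:Encrypt","kms:Decrypt","kms:GenerateDataKey","kms:DescribeKey"],
 "Resource":"$1"}]}
EOF
}

# Step 4 document: default bucket encryption (SSE-KMS) pinned to the key.
sse_config_json() {  # $1 = key ARN
  cat <<EOF
{"Rules":[{"ApplyServerSideEncryptionByDefault":
 {"SSEAlgorithm":"aws:kms","KMSMasterKeyID":"$1"}}]}
EOF
}

run_demo() {
  set -eu
  local key_id key_arn policy_arn
  # Step 2: symmetric CMK with AWS-generated key material, plus an alias.
  key_id=$(aws kms create-key --description "demo symmetric CMK" \
    --key-usage ENCRYPT_DECRYPT --origin AWS_KMS \
    --query KeyMetadata.KeyId --output text)
  aws kms create-alias --alias-name "$ALIAS" --target-key-id "$key_id"
  # Step 3: read the key back through its alias and keep the ARN.
  aws kms describe-key --key-id "$ALIAS"
  key_arn=$(aws kms describe-key --key-id "$ALIAS" \
    --query KeyMetadata.Arn --output text)
  # Step 1: IAM policy scoped to this key only.
  policy_arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "$(iam_policy_json "$key_arn")" \
    --query Policy.Arn --output text)
  # Step 4: make the CMK the bucket's default encryption key, then verify.
  aws s3api put-bucket-encryption --bucket "$BUCKET" \
    --server-side-encryption-configuration "$(sse_config_json "$key_arn")"
  aws s3api get-bucket-encryption --bucket "$BUCKET"
  # Step 5: cleanup. KMS keys are scheduled for deletion, not deleted at once.
  aws s3api delete-bucket-encryption --bucket "$BUCKET"
  aws iam delete-policy --policy-arn "$policy_arn"
  aws kms delete-alias --alias-name "$ALIAS"
  aws kms schedule-key-deletion --key-id "$key_id" --pending-window-in-days 7
}

# Nothing touches AWS unless RUN_DEMO=1 is set explicitly.
if [ "${RUN_DEMO:-0}" = "1" ]; then run_demo; fi
```

Seven days is the shortest waiting period KMS accepts for key deletion. Once the key is gone, any object still encrypted under it cannot be decrypted, so re-encrypt or remove such objects before the window ends.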

To get more details on AWS KMS, please refer to the AWS documentation below.

https://docs.aws.amazon.com/kms/index.html
