gautamkj_2000
Do we need master key for each aws resource like S3, EC2 ETC
Certified Security - Specialty
Sign Up Free or Log In to participate!
Do we need master key for each aws resource
Sign Up Free or Log In to participate!
Do we need master key for each aws resource like S3, EC2 ETC
Psst…this one if you’ve been moved to ACG!
No…. You have have a single Master Key and it will be used to encrypt a data key that is assigned for each resource. So, the resource gets encrypted with the data key stored with the resource and the data key can only be decrypted with the master key that is stored in KMS.
Thanks. It will help do right pricing.
so no you don’t, but there is a condition you can set on your KMS policy (think like bucket policy for KMS) that can make so your KMS key can only be used for one service. That condition is the kms:ViaService condition on your key policy. I got a question on Whiz Labs about it so just something to keep in mind.