1. Home
  2. Other Releases
  3. On-premises 5.2
  4. Guides
    1. Start
    2. Administer
    3. Analyze
    4. Configure
    5. Deploy
      1. Deploy on AWS
        1. Set Up an AWS Account
        2. Create an AWS tag
        3. Create an IAM Role and Policy
        4. Security Group Open ports
        5. Create an Encryption Key with AWS KMS Servic
        6. Create an EBS Volume
        7. Create an S3 Bucket
        8. Create E2C Instance
        9. Secure Shell in to Incorta
        10. Start Incorta
        11. Connect to Incorta
    6. Install
    7. Migrate
    8. Secure
    9. Upgrade
    10. Content Manager
  5. Tours
  6. Concepts
  7. Tools
  8. References
  9. Integrations
  10. Data applications
  11. Releases

Create an Encryption Key with AWS KMS Service

  1. Login into this link: https://console.aws.amazon.com. aws_image24
  2. Select Create Key. aws_image17
  3. Select Next. aws_image5
  4. Select Next. aws_image29
  5. Give permissions to IAM roles or users to use this key in encryption.
  6. Select Finish. aws_image10

Sample JSON File for setting up IAM roles:

{
    "Id": "key-consolepolicy-3",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::735646515482:root"
            },
            "Action": "kms:*",
            "Resource": "*"
        },
        {
            "Sid": "Allow access for Key Administrators",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::735646515482:user/mohamed.khaled@incorta.com"
            },
            "Action": [
                "kms:Create*",
                "kms:Describe*",
                "kms:Enable*",
                "kms:List*",
                "kms:Put*",
                "kms:Update*",
                "kms:Revoke*",
                "kms:Disable*",
                "kms:Get*",
                "kms:Delete*",
                "kms:TagResource",
                "kms:UntagResource",
                "kms:ScheduleKeyDeletion",
                "kms:CancelKeyDeletion"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Allow use of the key",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::735646515482:user/mohamed.khaled@incorta.com"
            },
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*",
                "kms:DescribeKey"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Allow attachment of persistent resources",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::735646515482:user/x@incorta.com"
            },
            "Action": [
                "kms:CreateGrant",
                "kms:ListGrants",
                "kms:RevokeGrant"
            ],
            "Resource": "*",
            "Condition": {
                "Bool": {
                    "kms:GrantIsForAWSResource": "true"
                }
            }
        }
    ]
}