Create an Encryption Key with AWS KMS Service
- Login into this link: https://console.aws.amazon.com.
- Select Create Key.
- Select Next.
- Select Next.
- Give permissions to IAM roles or users to use this key in encryption.
- Select Finish.
Sample JSON File for setting up IAM roles:
{"Id": "key-consolepolicy-3","Version": "2012-10-17","Statement": [{"Sid": "Enable IAM User Permissions","Effect": "Allow","Principal": {"AWS": "arn:aws:iam::735646515482:root"},"Action": "kms:*","Resource": "*"},{"Sid": "Allow access for Key Administrators","Effect": "Allow","Principal": {"AWS": "arn:aws:iam::735646515482:user/mohamed.khaled@incorta.com"},"Action": ["kms:Create*","kms:Describe*","kms:Enable*","kms:List*","kms:Put*","kms:Update*","kms:Revoke*","kms:Disable*","kms:Get*","kms:Delete*","kms:TagResource","kms:UntagResource","kms:ScheduleKeyDeletion","kms:CancelKeyDeletion"],"Resource": "*"},{"Sid": "Allow use of the key","Effect": "Allow","Principal": {"AWS": "arn:aws:iam::735646515482:user/mohamed.khaled@incorta.com"},"Action": ["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Resource": "*"},{"Sid": "Allow attachment of persistent resources","Effect": "Allow","Principal": {"AWS": "arn:aws:iam::735646515482:user/x@incorta.com"},"Action": ["kms:CreateGrant","kms:ListGrants","kms:RevokeGrant"],"Resource": "*","Condition": {"Bool": {"kms:GrantIsForAWSResource": "true"}}}]}