What is AWS Key Management Service (KMS)?

by DevOps Advocate, December 27th, 2019


Enabling key rotation reduces the chance that a compromised customer master key (CMK) could be used without your knowledge to access AWS resources.

AWS Key Rotation: How can we check if Key Rotation is enabled?

To determine if your customer master keys have Key Rotation enabled, perform the following:

A) Sign in to the AWS Management Console.

B) Navigate to the IAM dashboard.

C) In the left navigation panel, click Encryption Keys.

D) Select the appropriate AWS region from the Filter menu.

E) Select the alias of the CMK that you need to check under the Alias column.

F) Check the Rotate this key every year switch status under the Key Rotation section.

How do we enable AWS Key Rotation?

To enable AWS KMS Key Rotation, you need to perform the following:

1) Run the list-keys command to list all your customer master keys:

aws kms list-keys

2) The command output should return the ARN (Amazon Resource Name) and the ID for each CMK created in your current AWS region:

{
    "Keys": [
        {
            "KeyArn": "arn:aws:kms:us-west-2:1234567812345:key/8e1a0a1b-fa71-4077-8fde-e4cab5f1458c",
            "KeyId": "4t3d0t3b-ta35-4077-8fde-e4cab4rw369d"
        }
    ]
}

3) Run the enable-key-rotation command with the CMK ID as parameter to enable Key Rotation for the selected key:

aws kms enable-key-rotation \
    --key-id 4t3d0t3b-ta35-4077-8fde-e4cab4rw369d

4) Run the get-key-rotation-status command to make sure that the Key Rotation feature has been enabled:

aws kms get-key-rotation-status \
    --key-id 4t3d0t3b-ta35-4077-8fde-e4cab4rw369d

5) The command output should return the Key Rotation status for the selected CMK (true for enabled, false for disabled):

{
    "KeyRotationEnabled": false
}
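The five steps above, automated as an added Python example (not code from the article): it walks the paginated list-keys output, skips keys that cannot take automatic rotation (AWS-managed keys, imported key material, asymmetric keys, disabled keys), and reports or enables rotation on the rest. It assumes boto3 for live use against a real account; the FakeKms stand-in and every key ID other than the article's are constructed so the audit runs offline.

```python
"""Audit every KMS customer master key in a region for automatic rotation."""

def needs_rotation(key_metadata, rotation_enabled):
    # Only customer-managed, enabled, symmetric keys whose material KMS itself
    # generated (Origin AWS_KMS) support automatic rotation: AWS-managed keys
    # rotate on their own and imported (EXTERNAL) material is rejected by the API.
    md = key_metadata["KeyMetadata"]
    spec = md.get("KeySpec", md.get("CustomerMasterKeySpec", "SYMMETRIC_DEFAULT"))
    return (md["KeyManager"] == "CUSTOMER" and md["Origin"] == "AWS_KMS"
            and spec == "SYMMETRIC_DEFAULT" and md["KeyState"] == "Enabled"
            and not rotation_enabled)

def audit_key_rotation(kms, enable=False):
    """Return IDs of rotatable CMKs with rotation off; turn it on when enable=True.
    `kms` is a boto3 KMS client (boto3.client("kms")) or the FakeKms stand-in below."""
    missing, marker = [], None
    while True:  # list-keys is paginated: follow NextMarker until Truncated is false
        page = kms.list_keys(Marker=marker) if marker else kms.list_keys()
        for key in page["Keys"]:
            key_id = key["KeyId"]
            status = kms.get_key_rotation_status(KeyId=key_id)["KeyRotationEnabled"]
            if needs_rotation(kms.describe_key(KeyId=key_id), status):
                missing.append(key_id)
                if enable:
                    kms.enable_key_rotation(KeyId=key_id)
        if not page.get("Truncated"):
            return missing
        marker = page["NextMarker"]

class FakeKms:
    """Constructed stand-in for the boto3 client so the audit runs offline."""
    def __init__(self):  # first id is from the article; the other three are made up
        self.keys = {
            "8e1a0a1b-fa71-4077-8fde-e4cab5f1458c": dict(KeyManager="CUSTOMER", Origin="AWS_KMS", KeyState="Enabled", rot=False),
            "11111111-aws-managed-demo": dict(KeyManager="AWS", Origin="AWS_KMS", KeyState="Enabled", rot=True),
            "22222222-imported-material-demo": dict(KeyManager="CUSTOMER", Origin="EXTERNAL", KeyState="Enabled", rot=False),
            "33333333-already-rotating-demo": dict(KeyManager="CUSTOMER", Origin="AWS_KMS", KeyState="Enabled", rot=True),
        }
    def list_keys(self, Marker=None):  # two keys per page to exercise pagination
        ids = sorted(self.keys)
        start = ids.index(Marker) if Marker else 0
        more = start + 2 < len(ids)
        return {"Keys": [{"KeyId": i} for i in ids[start:start + 2]],
                "Truncated": more, "NextMarker": ids[start + 2] if more else None}
    def describe_key(self, KeyId):
        return {"KeyMetadata": {k: v for k, v in self.keys[KeyId].items() if k != "rot"}}
    def get_key_rotation_status(self, KeyId):
        return {"KeyRotationEnabled": self.keys[KeyId]["rot"]}
    def enable_key_rotation(self, KeyId):
        self.keys[KeyId]["rot"] = True
```

Run `audit_key_rotation(FakeKms())` to see only the article's key reported; pass `enable=True` to switch rotation on for it, after which a second audit reports nothing.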

Thanks. Please feel free to leave comments below or reach out to us at [email protected].