A quick walkthrough demonstrating the creation of a user with access to a master encryption key.
- Select IAM from the AWS Services
- Click Groups in the left-hand navigation panel and click the “Create New Group” button at the top of the screen
- Enter a Group Name into the box and click “Next Step”
- Using the Filter box, search for the AWSKeyManagementServicePowerUserPolicy. Select the policy and click “Next Step”
- Review the group details and click “Create Group”
- Click Users in the left-hand navigation panel and click Add User at the top of the screen
- Enter a name for the user and select “Programmatic Access” for the Access Type. Click “Next: Permissions”
- Attach the user to your previously created group. Click “Next: Review”
- Review the permissions summary for the user and click “Create User” to provision the identity
- Click the show option next to the access key to reveal the secret. Take note of this key; it cannot be redisplayed. This is your programmatic access gateway into your Amazon account, so store it securely. Close this window once you’ve recorded the secret.
- Click Encryption keys in the left-hand navigation panel and click “Create key” at the top of the screen
- Enter an alias for the encryption key. For example “kaleido0”. Click “Next Step”
- Optionally add a tag for the key. Click “Next Step”.
- Choose your newly created user or another appropriate user as the key administrator. Click “Next Step”
- Add permissions for the key administrator(s) and user(s) that can call encrypt/decrypt against the key
- Review the JSON object and click “Finish” to provision the key
- Now you can use the appropriate API Access Key and Secret along with the Encryption Key Alias to configure a KMS against your Kaleido node.
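
The JSON object reviewed in the last key-creation step is the key policy, and it decides who can administer the key and who can call encrypt/decrypt against it. The following added example (not part of the original walkthrough) builds such a policy and reports which principals hold both roles, which is what happens when the same user is chosen as key administrator and key user. The statement names and action lists are an assumption modelled on a typical KMS key policy, and the account ID and user names are constructed placeholders.

```python
import fnmatch
import json

# Management actions for key administrators (no cryptographic use of the key).
ADMIN_ACTIONS = ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
                 "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
                 "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource",
                 "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"]
# Cryptographic actions for key users (the encrypt/decrypt callers).
USER_ACTIONS = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey*", "kms:DescribeKey"]


def build_key_policy(account_id, admin_arns, user_arns):
    """Build a key policy with separate administration and usage statements."""
    def stmt(sid, principals, actions):
        return {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": principals},
                "Action": actions, "Resource": "*"}
    root = f"arn:aws:iam::{account_id}:root"
    return {"Version": "2012-10-17", "Statement": [
        stmt("Enable IAM User Permissions", [root], ["kms:*"]),
        stmt("Allow access for Key Administrators", list(admin_arns), ADMIN_ACTIONS),
        stmt("Allow use of the key", list(user_arns), USER_ACTIONS)]}


def principals_allowed(policy, action):
    """Return sorted principal ARNs whose Allow statements match `action`."""
    allowed = set()
    for s in policy["Statement"]:
        if s["Effect"] == "Allow" and any(
                fnmatch.fnmatchcase(action.lower(), a.lower()) for a in s["Action"]):
            allowed.update(s["Principal"]["AWS"])
    return sorted(allowed)


def dual_role_principals(policy):
    """Principals able to both decrypt with the key and schedule its deletion."""
    return sorted(set(principals_allowed(policy, "kms:Decrypt"))
                  & set(principals_allowed(policy, "kms:ScheduleKeyDeletion")))


if __name__ == "__main__":
    # Constructed sample values: account ID and user names are placeholders.
    acct = "111122223333"
    admin = f"arn:aws:iam::{acct}:user/kms-admin"
    user = f"arn:aws:iam::{acct}:user/kaleido-kms-user"
    policy = build_key_policy(acct, [admin], [user])
    print(json.dumps(policy, indent=2))
    print("dual role:", dual_role_principals(policy))
```

The account root always appears in the dual-role list because its statement delegates access control to IAM policies; any other ARN in that list is an identity that can both use and destroy the key.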