AWS Integrations – Generating an Encryption Key

A quick walkthrough demonstrating the creation of a user with access to a master encryption key.


  1. Select IAM from the AWS Services
  2. Click Groups in the left-hand navigation panel and click the “Create New Group” button at the top of the screen
  3. Enter a Group Name into the box and click “Next Step”
  4. Using the Filter box, search for the AWSKeyManagementServicePowerUser Policy. Select the policy and click “Next Step”
  5. Review the group details and click “Create Group”
  6. Click Users in the left-hand navigation panel and click Add User at the top of the screen
  7. Enter a name for the user and select “Programmatic Access” for the Access Type. Click “Next: Permissions”
  8. Attach the user to your previously created group. Click “Next: Review”
  9. Review the permissions summary for the user and click “Create User” to provision the identity
  10. Click the show option next to the access key to reveal the secret. Take note of this key; it cannot be redisplayed. The access key and secret are your programmatic access into your Amazon account, so record them somewhere secure. Close this window once you’ve recorded the secret.
  11. Click Encryption keys in the left-hand navigation panel and click “Create key” at the top of the screen
  12. Enter an alias for the encryption key, for example “kaleido0”. Click “Next Step”
  13. Optionally add a tag for the key. Click “Next Step”.
  14. Choose your newly created user or another appropriate user as the key administrator. Click “Next Step”
  15. Add permissions for the key administrator(s) and user(s) that can call encrypt/decrypt against the key
  16. Review the JSON object and click “Finish” to provision the key
  17. Now you can use the appropriate API Access Key and Secret along with the Encryption Key Alias to configure a KMS against your Kaleido node.
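
Step 16 asks you to review the key policy JSON before finishing. The following Python script is an added example, not part of the original walkthrough or any Kaleido code: it lists which principals a key policy allows to call a given KMS action and flags encrypt/decrypt grants that reach beyond the named users. The sample policy, the account ID 111122223333 and the user name kaleido-kms-user are constructed placeholders, and Deny, NotAction and Condition elements are not evaluated.

```python
import fnmatch
import json

# Constructed sample of the step 16 key policy; account ID and user are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "Allow use of the key", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:user/kaleido-kms-user"]},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:DescribeKey"], "Resource": "*"},
]})

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def principals_allowed(policy_json, action):
    """Return the sorted principals that an Allow statement grants `action`."""
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    found = set()
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        # Action patterns are case-insensitive and may use * and ? wildcards.
        patterns = [a.lower() for a in as_list(stmt.get("Action"))]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            found.add(principal)
        else:
            for ids in principal.values():
                found.update(as_list(ids))
    return sorted(found)

def review(policy_json):
    """Flag encrypt/decrypt grants that reach beyond the named users."""
    findings = []
    for action in ("kms:Encrypt", "kms:Decrypt"):
        for p in principals_allowed(policy_json, action):
            if p == "*":
                findings.append(f"{action}: allowed for any principal")
            elif p.endswith(":root"):
                findings.append(f"{action}: delegated to IAM policies of {p}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_POLICY)))
```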
