Encryption at rest can be achieved on AWS by using volumes encrypted with KMS keys.
...
Create a KMS Key
From the AWS Console, go to the IAM service, then select Encryption Keys in the left-hand menu.
...
- Alias: core-nex-uat or core-nex-prd
- Description: Encryption for Nex! volumes
- Key material origin: KMS
- Tags: environment => uat
- Key Admins: gapps-superadmin, gapps-poweruser
- Key usage: mcluster_dev, gapps-superadmin, gapps-poweruser
Authorise KMS Policy
The Nex! Orchestrator IAM user must be allowed to access the KMS key. Ensure the Nex! Orchestrator policy contains the action "kms:*".
```json
{
  "Statement": [
    {
      "Sid": "Stmt1340424171166",
      "Action": [
        "ec2:*",
        "elasticloadbalancing:*",
        "kms:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}
```
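One way to check a policy document for the KMS requirement above before attaching it, written as an added example (not part of the original page or of Nex!). The probe action list, the two extra sample policies and the placeholder key ARN are assumptions made for illustration.

```python
import json
import re

# Policy from this page, embedded so the check runs offline.
PAGE_POLICY = json.loads("""{"Statement": [{"Sid": "Stmt1340424171166",
  "Action": ["ec2:*", "elasticloadbalancing:*", "kms:*"],
  "Effect": "Allow", "Resource": ["*"]}]}""")

# Constructed samples: one without KMS, one scoped to a placeholder key ARN.
NO_KMS_POLICY = {"Statement": {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}}
SCOPED_POLICY = {"Statement": [{"Effect": "Allow", "Action": ["kms:*"],
                                "Resource": "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID"}]}

# Assumption: KMS actions a caller typically needs to use encrypted EBS volumes.
PROBE_ACTIONS = ("kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey",
                 "kms:GenerateDataKeyWithoutPlaintext")

def _as_list(value):
    # IAM accepts a single string or object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns: case-insensitive, '*' = any run, '?' = one char.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def allow_statements(policy, action):
    """Allow statements in this document whose Action matches `action`.
    Deny, NotAction and Condition are not evaluated here."""
    return [s for s in _as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"
            and any(_matches(p, action) for p in _as_list(s.get("Action", [])))]

def check_kms_access(policy, probes=PROBE_ACTIONS):
    """Report probe actions not granted, and whether any grant is on Resource '*'."""
    missing, wildcard = [], False
    for action in probes:
        stmts = allow_statements(policy, action)
        if not stmts:
            missing.append(action)
        if any("*" in _as_list(s.get("Resource", [])) for s in stmts):
            wildcard = True
    return {"missing": missing, "wildcard_resource": wildcard}

if __name__ == "__main__":
    for name, doc in [("page", PAGE_POLICY), ("no-kms", NO_KMS_POLICY),
                      ("scoped", SCOPED_POLICY)]:
        print(name, check_kms_access(doc))
```

The `wildcard_resource` flag shows where the KMS grant applies to every key in the account rather than to the key created for the Nex! volumes.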