
How do I create an AWS KMS key and manage it?

Creating an AWS KMS Key

In this example, we’ll demonstrate how to create an AWS Key Management Service (KMS) key to handle the encryption and decryption of your data securely. KMS keys are essential for securing your data at rest and ensuring that you have full control over the encryption keys used by your services.

We’ll proceed with the following steps:

  1. Define the aws.kms.Key resource to create a new KMS key.
  2. Set up a key policy to define permissions.
  3. Add necessary outputs to expose key details.

Key Points

  1. KMS Key Creation: Defines a new KMS key resource.
  2. Key Policy: Specifies the permissions for the KMS key.
  3. Outputs: Exposes critical information about the created key.

Example

Here’s the code to set up an AWS KMS key:

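import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Look up the account that is deploying, so the key policy can name it
// instead of using a wildcard principal.
const current = aws.getCallerIdentity({});

// Resource for creating a KMS key
const example = new aws.kms.Key("example", {
    description: "An example KMS key",
    keyUsage: "ENCRYPT_DECRYPT",
    // Key policy: delegate access decisions to IAM in this account only.
    // "AWS": "*" here would let any AWS principal, in any account, call kms:* on the key.
    policy: current.then(id => JSON.stringify({
        Version: "2012-10-17",
        Id: "key-default-1",
        Statement: [{
            Sid: "Enable IAM User Permissions",
            Effect: "Allow",
            // Assumes the standard "aws" partition.
            Principal: { AWS: `arn:aws:iam::${id.accountId}:root` },
            Action: "kms:*",
            Resource: "*",
        }],
    })),
});
// Expose the key ID and ARN for use by other resources and stacks
export const kmsKeyId = example.id;
export const kmsKeyArn = example.arn;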

Key Points Recap

  • Provider Configuration: Ensure you specify the correct AWS region.
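  • KMS Key Resource: The aws.kms.Key resource is fundamental for creating KMS keys.
  • Policy Setup: The key policy controls who can use and administer the KMS key. Its Principal should name your own account or specific IAM principals; a "*" principal with no conditions opens the key to every AWS identity.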
  • Output Information: Outputs allow you to reuse key details in other parts of your infrastructure.
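
A check for the Policy Setup point above, as an added example that is not part of the original page: this TypeScript function flags Allow statements in a key policy whose Principal is a wildcard and that carry no Condition. The sample policies and the account ID 111122223333 are constructed placeholders, and the function and helper names are hypothetical.

```typescript
// Added example: flag key-policy statements that allow any principal with no Condition.
type Statement = {
  Sid?: string;
  Effect: string;
  Principal?: string | { [kind: string]: string | string[] };
  Condition?: { [operator: string]: unknown };
};

// True when Principal is "*" or lists "*" under any type, e.g. {"AWS": "*"}.
function isWildcardPrincipal(p: Statement["Principal"]): boolean {
  if (p === undefined) return false;
  if (typeof p === "string") return p === "*";
  for (const kind of Object.keys(p)) {
    const ids = ([] as string[]).concat(p[kind]);
    if (ids.indexOf("*") !== -1) return true;
  }
  return false;
}

// Returns the Sid (or position) of every unconditioned Allow statement open to any principal.
// A Condition does not make a statement safe by itself; those still need manual review.
function openStatements(policyJson: string): string[] {
  const doc = JSON.parse(policyJson) as { Statement: Statement | Statement[] };
  const statements = ([] as Statement[]).concat(doc.Statement);
  const hits: string[] = [];
  statements.forEach((s, i) => {
    const unconditioned = !s.Condition || Object.keys(s.Condition).length === 0;
    if (s.Effect === "Allow" && isWildcardPrincipal(s.Principal) && unconditioned) {
      hits.push(s.Sid || `Statement[${i}]`);
    }
  });
  return hits;
}

// Constructed sample policies; 111122223333 is a placeholder account ID.
const samplePolicy = (principal: Statement["Principal"]): string =>
  JSON.stringify({
    Version: "2012-10-17",
    Statement: [{ Sid: "Enable IAM User Permissions", Effect: "Allow",
                  Principal: principal, Action: "kms:*", Resource: "*" }],
  });
const wildcardPolicy = samplePolicy({ AWS: "*" });
const scopedPolicy = samplePolicy({ AWS: "arn:aws:iam::111122223333:root" });

console.log(openStatements(wildcardPolicy)); // ["Enable IAM User Permissions"]
console.log(openStatements(scopedPolicy));   // []
```

Running a check like this against the rendered policy before `pulumi up` catches an open key policy at review time rather than after the key exists.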

Summary

By following the example, you now have a blueprint for creating and managing AWS KMS keys. As long as the key policy limits access to principals you trust, your data is encrypted and decrypted with a key you control.
