Published in Cloud Security

Defining Requirements for KMS Encryption Key Policies

ACM.19 Determining who can encrypt and decrypt the credentials used by our batch job

  • A role that our Lambda function will ultimately use to retrieve the secrets from Systems Manager.
  • A role that will mimic what a deployment system would use. We’ll write some code to create the AWS developer keys for our batch job and store them in Secrets Manager.
  • We can use these two roles on an EC2 instance to test out both creating the credentials and assuming a role.
  • Later we could move these roles as is or with any necessary modifications into our final design.

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Request services via LinkedIn: Teri Radichel or IANS Research



Teri Radichel

Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN | AWS Hero | Infragard | IANS Faculty