Generic AWS KMS Key Deployments
ACM.18 Creating a reusable KMS Key Template for Batch Jobs
In the last post we looked at how conditions in AWS IAM policies work. We can use conditions in IAM, Resource, and Trust policies.
The goal of this post is to create a template that we can use to generically create new KMS keys with different principals who are allowed to use the key to encrypt and decrypt data.
How is a generic template helpful?
- You can prevent human error when deploying resources by creating things with standard, approved templates.
- Organizations may have a separate team and account where they manage encryption keys, as I have written about in a prior post.
- You could write a self-service function or…