KMS Keys for AWS Organizations Environments

ACM.358 A common template for key deployment that includes organization and environment names — logs, deploy, and appdata keys

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: AWS Security | Secure Code | IAM | AWS Organizations

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In my last post I was thinking about naming conventions for resources in AWS environments (like Dev, QA, Prod, and maybe others).

Organization-Environment Naming Convention on AWS

I have something else to fix that led me to thinking about environments and their associated resources.

While deploying S3 resources, I realized that I had a need for cross-account access to KMS keys. I also have future plans for deploying KMS keys differently but for now I am going to revamp my KMS keys like this. I’m going to create three KMS keys for my Sandbox environment:

AppData
Deploy
Logs