Showing content from http://cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/how-to/create-aws-kms-key below:

Create an AWS KMS key | GKE on AWS

Create an AWS KMS key


Overview

GKE on AWS uses customer-managed AWS Key Management Service (KMS) symmetric keys to encrypt:

For production environments, we recommend using different keys for configuration and volume encryption. To further minimize risks if a key is compromised, you can also create different keys for each of the following:

For additional security, you can create an AWS KMS key policy that assigns only the minimum required set of permissions. For more information, see Creating KMS keys with specific permissions.

Create an AWS KMS key

To create a key, run the following command:

aws --region AWS_REGION kms create-key \
    --description "KEY_DESC"

Replace the following:

For each key you create, save the value named KeyMetadata.Arn in the output of this command for later use.

Creating KMS keys with specific permissions

If you create separate keys for different functions, you need to provide a KMS key policy for each key that grants appropriate permissions on that key. If you don't specify a key policy when you create a key, AWS KMS will create a default key policy that gives all principals in the owning account unlimited access to all operations for the key.

When you create a key policy, you must allow an AWS IAM policy access to the key policy. The key policy must also give your account permissions to use IAM policies. Without permission from the key policy, IAM policies that allow permissions have no effect. For more information, see Key policies in AWS KMS.
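The following is an added example, not part of the original GKE on AWS documentation. It builds a key policy with the two parts described above (a statement that lets IAM policies in the account apply to the key, and a statement scoped to one role) and passes it to `aws kms create-key`. The function names, the statement IDs, and the account ID, role ARN and action list passed in are assumptions; take the real actions for each role from the permissions table.

```shell
#!/usr/bin/env bash
# Added example: build a scoped key policy and create a KMS key with it.
# The account ID, role ARN and KMS actions are caller-supplied assumptions.

# Print a key policy with two statements:
#   1. the account root principal, so IAM policies can grant access to the key
#   2. one role, limited to the KMS actions given as the remaining arguments
make_key_policy() {
  if [ "$#" -lt 3 ]; then
    echo "usage: make_key_policy ACCOUNT_ID ROLE_ARN ACTION..." >&2
    return 2
  fi
  local account_id="$1" role_arn="$2"; shift 2
  local actions="" a
  for a in "$@"; do
    actions="${actions:+$actions, }\"$a\""   # build a JSON string list
  done
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnableIAMPolicies",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::${account_id}:root"},
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowRoleScopedUse",
      "Effect": "Allow",
      "Principal": {"AWS": "${role_arn}"},
      "Action": [${actions}],
      "Resource": "*"
    }
  ]
}
EOF
}

# Create the key with the policy attached and print only KeyMetadata.Arn.
create_scoped_key() {
  local region="$1" desc="$2" policy_file="$3"
  aws --region "$region" kms create-key \
      --description "$desc" \
      --policy "file://${policy_file}" \
      --query KeyMetadata.Arn --output text
}
```

Write the output of `make_key_policy` to a file, review it, and then pass that file to `create_scoped_key` once per key so each function gets its own policy.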

The following table describes the permissions for each of the AWS IAM roles GKE on AWS uses.

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-07 UTC.
