mirror of https://github.com/nickpoida/og-aws.git synced 2025-02-13 02:12:02 +00:00

Added region specificity gotcha for KMS (#516)

* Added region specificity gotcha for KMS

* Reformatted the sentence

* Minor copyediting on KMS gotcha
Manish Pandit 2017-09-30 17:48:50 -07:00 committed by Thanos Baskous
parent 4b10f242c1
commit c3fdcdf7a0


@ -1551,6 +1551,7 @@ KMS
- 🔸The Encrypt API only works with < 4KB of data. Larger data requires generating and managing a [data key](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) in your application layer.
- 🔸KMS audit events are not available in the [CloudTrail Lookup Events API](http://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html). You need to look find them in the raw .json.gz files that CloudTrail saves in S3.
- 🔸In order to encrypt a multi-part upload to S3, the KMS Key Policy needs to allow “kms:Decrypt” and “kms:GenerateDataKey*” in addition to “kms:Encrypt”, otherwise the upload will fail with an “AccessDenied” error.
- 🔸KMS keys are region specific — they are stored and can only be used in the region in which they are created. They can't be transferred to other regions.
CloudFront
----------
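Review bot: the new bullet on line 1554 states the constraint but not its consequence, which is the part a reader will trip over; suggest extending it to say that ciphertext produced under a key (and any data key generated from it) can only be decrypted by calling the KMS endpoint of that same region, so workloads that copy encrypted data across regions (S3 cross-region replication, EBS/RDS snapshot copies) need a separate key in the destination region and must re-encrypt there. Also, "region specific" should be hyphenated as "region-specific" when used attributively, and the key's ARN embeds the region, so referencing a key by ARN from another region fails outright rather than silently falling back.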