kranthikiriti/serverless-kms-key-rotator

Serverless KMS Key Rotator

This script helps you rotate your CMK (Customer Master Key).

  1. Create S3 Bucket

  2. Create Customer Master Key (CMK) in KMS

    We will use this key exclusively for S3 usage

  3. Upload Object to S3 - GUI

    Use the AES-256 Encryption while uploading

  4. Upload Object to S3 - CLI with SSE header

    Set the upload header x-amz-server-side-encryption and do not specify the key ID, forcing S3 to use the default key

    Ref: Server-Side-Encryption-Specific Request Headers

  5. Upload Object to S3 - CLI with AWS KMS - CMK ID

    PUT /example-object HTTP/1.1
    Host: example-bucket.s3.amazonaws.com
    Accept: */*
    Authorization: authorization string
    Date: Wed, 28 May 2014 19:31:11 +0000
    x-amz-server-side-encryption: aws:kms
    x-amz-server-side-encryption-aws-kms-key-id: <your-CMK-key-id>
    
  6. Disable & Delete CMK

    Download the encrypted objects
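
The upload steps above differ only in which server-side-encryption headers the PUT request carries. The following Python is an added example, not part of this repository: it classifies a raw request by those headers and rejects contradictory combinations. The function names, the sample request and the `EXAMPLE-KEY-ID` placeholder are constructed for illustration.

```python
# Added example, not repository code. Names and the sample request are constructed.
SSE = "x-amz-server-side-encryption"
KMS_KEY_ID = "x-amz-server-side-encryption-aws-kms-key-id"
SSE_C_PREFIX = "x-amz-server-side-encryption-customer-"

# Constructed sample: a step 5 style upload naming a placeholder key ID.
SAMPLE_PUT = """PUT /example-object HTTP/1.1
Host: example-bucket.s3.amazonaws.com
x-amz-server-side-encryption: aws:kms
x-amz-server-side-encryption-aws-kms-key-id: EXAMPLE-KEY-ID
"""


def parse_headers(raw_request):
    """Return the request headers as a dict with lower-cased names."""
    headers = {}
    for line in raw_request.strip().splitlines()[1:]:  # skip the request line
        if not line.strip():
            break  # a blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def classify_sse(raw_request):
    """Name the encryption mode; raise ValueError if the headers contradict each other."""
    h = parse_headers(raw_request)
    mode = h.get(SSE)
    if any(name.startswith(SSE_C_PREFIX) for name in h):
        if mode or KMS_KEY_ID in h:
            raise ValueError("customer-key headers mixed with SSE-S3/SSE-KMS headers")
        return "SSE-C: caller supplies the key, KMS is not involved"
    if KMS_KEY_ID in h and mode != "aws:kms":
        raise ValueError("a KMS key ID needs x-amz-server-side-encryption: aws:kms")
    if mode is None:
        return "no server-side encryption requested"
    if mode == "AES256":
        return "SSE-S3: AES-256 with an S3-managed key"
    if mode == "aws:kms":
        key = h.get(KMS_KEY_ID)
        return "SSE-KMS: key " + key if key else "SSE-KMS: default key"
    raise ValueError("value not handled by this example: " + mode)


if __name__ == "__main__":
    print(classify_sse(SAMPLE_PUT))
```

Running the same check over captured or logged upload requests shows which objects actually depend on the CMK before it is disabled in step 6.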

About

AWS KMS Encryption & Decryption using CLI & Lambda
