Advanced Cluster Options

Encryption key requirements

If you plan to use encryption, check whether your existing encryption key can be used with Cloudbreak or whether you need to create a new encryption key.

Ensuring that an existing encryption key can be used with Cloudbreak

If you have an existing encryption key that you would like to use with Cloudbreak, make sure that the following are attached as both key administrator and key user:

  • The AWSServiceRoleForAutoScaling built-in role.
  • Your IAM role or IAM user used for the Cloudbreak credential.

To check that these are attached, navigate to the IAM console > Encryption keys, select your encryption key, and scroll to Key Administrators and then Key Users.
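The same check can be scripted against the key policy JSON. This is an added example, not part of the original documentation; it assumes the policy was created in the AWS console, which writes the two sections as statements with the Sids `Allow access for Key Administrators` and `Allow use of the key`, and the account ID and credential role name are constructed sample values.

```python
import json

# Sids the AWS console writes into a key policy for its "Key Administrators"
# and "Key Users" sections (assumption: the policy was created in the console).
ADMIN_SID = "Allow access for Key Administrators"
USER_SID = "Allow use of the key"

def principals(policy, sid):
    """Return the set of AWS principal ARNs in the Allow statement with this Sid."""
    found = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Sid") != sid or stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        # A bare "*" principal is not a named principal, so it is ignored.
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        # IAM allows a single ARN as a string or several as a list.
        found.update([aws] if isinstance(aws, str) else aws)
    return found

def missing_principals(policy_json, required):
    """Map each console section to the required ARNs that are absent from it."""
    policy = json.loads(policy_json)
    return {
        "Key Administrators": sorted(set(required) - principals(policy, ADMIN_SID)),
        "Key Users": sorted(set(required) - principals(policy, USER_SID)),
    }

# Constructed sample values, not taken from the page.
ACCOUNT = "111122223333"
AUTOSCALING_ROLE = (f"arn:aws:iam::{ACCOUNT}:role/aws-service-role/"
                    "autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling")
CREDENTIAL_ROLE = f"arn:aws:iam::{ACCOUNT}:role/ExampleCloudbreakCredentialRole"

SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": ADMIN_SID, "Effect": "Allow",
         "Principal": {"AWS": [AUTOSCALING_ROLE, CREDENTIAL_ROLE]},
         "Action": ["kms:Describe*", "kms:Put*"], "Resource": "*"},
        # The credential role is left out of Key Users here on purpose.
        {"Sid": USER_SID, "Effect": "Allow",
         "Principal": {"AWS": AUTOSCALING_ROLE},
         "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print(missing_principals(SAMPLE_POLICY, [AUTOSCALING_ROLE, CREDENTIAL_ROLE]))
```

To run it against a real key, pass the policy document returned by `aws kms get-key-policy --key-id <key-id> --policy-name default --query Policy --output text` in place of the sample.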

Create a new encryption key on AWS

To create a new encryption key, follow these steps:
  1. On AWS, navigate to the IAM console.
  2. Select Encryption keys.
  3. From the Region dropdown, select the region in which you would like to create and use the encryption key.
  4. Click Create key.

  5. In Step 1: Create Alias and Description:
    1. Enter an Alias for your key.
    2. Expand Advanced Options and under Key Material Origin, select “KMS” or “External”.

  6. In Step 3: Define Key Administrative Permissions, select the following:
    1. AWSServiceRoleForAutoScaling built-in role.
    2. Your IAM user (if using role-based credential) or IAM role (if using key-based credential).

  7. In Step 4: Define Key Usage Permissions, select the same items as in the previous steps.
  8. Navigate to the last page of the wizard and then click Finish to create an encryption key.