Create a new encryption key on AWS

if you don't have an existing encryption key, use the following instructions to create one.

  1. In the AWS Management Console, navigate to IAM.
  2. Select Encryption keys.
  3. From the Region dropdown, select the region in which you would like to create and use the encryption key.
  4. Click Create key:

  5. In Step 1: Create Alias and Description:
    1. Enter an Alias for your key.
    2. Expand Advanced Options and under Key Material Origin, select “KMS” or “External”.

  6. In Step 3: Define Key Administrative Permissions, select the following:
    1. AWSDerviceRoleForAutoScaling built-in role.
    2. Your IAM user (if using role-based credential) or IAM role (if using key-based credential).

  7. In Step 4: Define Key Usage Permissions, select the same items as in the previous steps.
  8. Navigate to the last page of the wizard and then click Finish to create an encryption key.