Create a new encryption key on AWS
if you don't have an existing encryption key, use the following instructions to create one.
- In the AWS Management Console, navigate to IAM.
- Select Encryption keys.
- From the Region dropdown, select the region in which you would like to create and use the encryption key.
- Click Create key:
- In Step 1: Create Alias and Description:
- Enter an Alias for your key.
- Expand Advanced Options and under Key Material Origin, select “KMS” or “External”.
- In Step 3: Define Key Administrative Permissions, select the following:
- AWSDerviceRoleForAutoScaling built-in role.
- Your IAM user (if using role-based credential) or IAM role (if using key-based credential).
- In Step 4: Define Key Usage Permissions, select the same items as in the previous steps.
- Navigate to the last page of the wizard and then click Finish to create an encryption key.