Create KeyControl Vault CloudKey for AWS XKS
You must create a CloudKey, in the AWS XKS Key Set that you created earlier (see Create Key Set for AWS XKS ). This CloudKey is used by AWS services to encrypt objects in AWS.
To create the CloudKey for AWS XKS:
- In the top menu bar, select CLOUDKEYS.
- Select the CloudKey tab.
- From the Key Set menu, select the AWS XKS Key Set that you created earlier.
- Select Actions > Create CloudKey. The Create CloudKey dialog appears.
-
On the Details tab, enter the following:
Field
Description
Region Select the AWS XKS region. Name
Enter the name for the CloudKey.
Description
Enter the optional description for the CloudKey
- Click Continue.
-
On the Access tab, enter the following.
Field
Description
Administrators
Choose the users who have administrative rights to the CloudKey.
Users Choose the users who can use the CloudKey for encryption or decryption. - Click Continue.
-
On the Schedule tab, determine the rotation schedule for the CloudKey. This can be one of the following:
- Inherit from Key Set—The CloudKey will use the default schedule from the Key Set. If the Key Set schedule changes after the CloudKey is created, the CloudKey schedule will not be updated.
- Never—The CloudKey will never be rotated.
- Once a year—The CloudKey will be rotated once a year.
- Every 6 months—The CloudKey will be rotated once every 6 months.
- Every 30 days—The CloudKey will be rotated once every 30 days.
- Other—The CloudKey will be rotated at the interval you select.
- Click Apply.
The CloudKey is now available in AWS XKS. You can view the key in the AWS KMS Customer managed keys screen.
