Creating a customer managed key to access AWS KMS - Amazon Inspector

Creating a customer managed key to access AWS KMS

By default, your data is encrypted with an AWS owned key. This means the key is created, owned, and managed by the service. If you want to own and manage the key used to encrypt your data, you can create a customer managed KMS key. Amazon Inspector doesn't interact with your data. Amazon Inspector only ingests metadata from repositories in your source code provider. For information about how to create a customer managed KMS key, see Create a KMS key in the AWS Key Management Service User Guide.

Sample policy

When you create your customer managed key, use the following sample policy.

After you create your KMS key, you can use the following Amazon Inspector APIs.

  • UpdateEncryptionKey – Call with CODE_REPOSITORY as the resourceType and CODE as the scanType to configure Amazon Inspector to use your customer managed KMS key.

  • GetEncryptionKey – Call with CODE_REPOSITORY as the resourceType and CODE as the scanType to retrieve your current KMS key configuration.

  • ResetEncryptionKey – Call with CODE_REPOSITORY as the resourceType and CODE as the scanType to reset your KMS key configuration and return to using an AWS owned KMS key.
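The three calls above form one procedure: set the key, read the configuration back to confirm the service actually reports it, and later reset to the AWS owned key. The Python below is an added example, not code from the AWS documentation; it assumes the boto3 `inspector2` client's `update_encryption_key`, `get_encryption_key` and `reset_encryption_key` methods with the `resourceType` and `scanType` parameters named on this page. The `FakeInspectorClient` and the key ARN are constructed placeholders so the flow runs offline; the sample key policy referenced on the page is not reproduced here.

```python
"""Configure, verify, and reset the customer managed KMS key that Amazon
Inspector uses for code repository (CODE) scans.

Added example, not AWS documentation code. Assumes the boto3 'inspector2'
client methods update_encryption_key / get_encryption_key /
reset_encryption_key, taking the resourceType and scanType values shown on
the page. FakeInspectorClient is a constructed stand-in for offline runs.
"""

# Values from the page: code repository scanning uses this resource/scan pair.
RESOURCE_TYPE = "CODE_REPOSITORY"
SCAN_TYPE = "CODE"


def set_customer_managed_key(client, kms_key_arn):
    """Point CODE scans at a customer managed key and verify it took effect.

    Reading the configuration back after the update is the check a
    practitioner wants: a silently ignored update would leave data on the
    AWS owned key while your change process records otherwise.
    """
    client.update_encryption_key(
        kmsKeyId=kms_key_arn, resourceType=RESOURCE_TYPE, scanType=SCAN_TYPE
    )
    configured = client.get_encryption_key(
        resourceType=RESOURCE_TYPE, scanType=SCAN_TYPE
    )["kmsKeyId"]
    if configured != kms_key_arn:
        raise RuntimeError(
            f"expected {kms_key_arn!r}, service reports {configured!r}"
        )
    return configured


def reset_to_aws_owned_key(client):
    """Revert CODE scans to the AWS owned key and return the reported kmsKeyId.

    With the real service the returned value reflects the AWS owned key; the
    constructed fake below reports None once no customer managed key is set.
    """
    client.reset_encryption_key(resourceType=RESOURCE_TYPE, scanType=SCAN_TYPE)
    return client.get_encryption_key(
        resourceType=RESOURCE_TYPE, scanType=SCAN_TYPE
    )["kmsKeyId"]


class FakeInspectorClient:
    """Constructed in-memory stand-in for boto3.client('inspector2').

    Only the (CODE_REPOSITORY, CODE) pair from the page is modelled; other
    combinations are rejected so a mixed-up argument order is caught early.
    """

    def __init__(self):
        self._keys = {}

    @staticmethod
    def _check(resourceType, scanType):
        if (resourceType, scanType) != (RESOURCE_TYPE, SCAN_TYPE):
            raise ValueError(
                f"unsupported pair in this fake: {resourceType}/{scanType}"
            )

    def update_encryption_key(self, kmsKeyId, resourceType, scanType):
        self._check(resourceType, scanType)
        self._keys[(resourceType, scanType)] = kmsKeyId
        return {}

    def get_encryption_key(self, resourceType, scanType):
        self._check(resourceType, scanType)
        return {"kmsKeyId": self._keys.get((resourceType, scanType))}

    def reset_encryption_key(self, resourceType, scanType):
        self._check(resourceType, scanType)
        self._keys.pop((resourceType, scanType), None)
        return {}


if __name__ == "__main__":
    # Offline demonstration against the constructed fake. To run this against
    # the real service, replace the fake with boto3.client("inspector2") and
    # supply the ARN of the KMS key you created with the page's sample policy.
    demo_arn = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID"
    fake = FakeInspectorClient()
    print("configured:", set_customer_managed_key(fake, demo_arn))
    print("after reset:", reset_to_aws_owned_key(fake))
```

Against the real service, pass the KMS key ARN rather than an alias so the read-back comparison is exact, and make sure the caller's IAM identity has the `inspector2` permissions for these three actions plus the `kms` grants your key policy requires.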