Creating and Using User-Generated KMS Master Keys - Amazon Kinesis Data Streams

Creating and Using User-Generated KMS Master Keys

This section describes how to create and use your own KMS master keys, instead of using the master key administered by Amazon Kinesis.

Creating User-Generated KMS Master Keys

For instructions on creating your own master keys, see Creating Keys in the AWS Key Management Service Developer Guide. After you create keys for your account, the Kinesis Data Streams service returns these keys in the KMS master key list.

Using User-Generated KMS Master Keys

After the correct permissions are applied to your consumers, producers, and administrators, you can use custom KMS master keys in your own AWS account or another AWS account. All KMS master keys in your account appear in the KMS Master Key list within the AWS Management Console.

To use custom KMS master keys located in another account, you need permissions to use those keys. You must also specify the ARN of the KMS master key in the ARN input box in the AWS Management Console.