sam-encryption-test

A small study project on AWS KMS Encryption using AWS KMS, AWS Lambda and sbt-sam.

Introduction

The example shows how to create 'structured data' and encrypt it with the SamSerializer. The record format is a SamRecord, an envelope that groups data with metadata like a schema tag/hint in the form of a schema fingerprint, the KMS CMK and the payload itself.

Key Policy

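Key policies are the primary way to control access to customer master keys (CMKs) in AWS KMS. A key policy is a document that specifies permissions. See: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html

The following key policy allows access to the CMK from all principals. It grants every KMS action (kms:*) to the wildcard principal ("AWS": "*") with no Condition element, so access is not limited to identities in the account that owns the key: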

{
  "Version": "2012-10-17",
  "Id": "key-default-2",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:*",
      "Resource": "*"
    }
  ]
}   
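
As an added example (not code from this project), the following check flags Allow statements in a key policy whose principal is a wildcard, and runs it over the policy above and over a scoped comparison policy. The account id 111122223333, the role name and the statement Sids in the comparison policy are constructed placeholders.

```python
import json

# Same statement as the key policy shown in this README.
README_POLICY = json.loads("""{
  "Version": "2012-10-17", "Id": "key-default-2",
  "Statement": [{"Sid": "Enable IAM User Permissions", "Effect": "Allow",
                 "Principal": {"AWS": "*"}, "Action": "kms:*", "Resource": "*"}]
}""")

# Constructed comparison policy: 111122223333 is a placeholder account id and
# the role name is hypothetical.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AccountAdministration", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "LambdaUse", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-lambda-role"},
         "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM JSON allows a single value or a list in most elements."""
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True when the Principal element matches every AWS identity."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_key_policy(policy):
    """Return one finding per Allow statement whose principal is a wildcard."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        # A Condition (for example on kms:CallerAccount) can narrow a wildcard.
        severity = "needs-condition-review" if stmt.get("Condition") else "open-to-any-principal"
        findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "actions": _as_list(stmt.get("Action", [])),
                         "severity": severity})
    return findings

if __name__ == "__main__":
    for name, doc in (("README", README_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_key_policy(doc))
```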

Internet Access

When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway.

Resources
