Cloud Key Management Service for AWS Volume Encryption
On this page
Note
This feature is only available in SingleStore Helios - Dedicated.
Overview
Amazon Elastic Block Store (EBS) encryption is supported by all EBS volume types and includes a built-in key management infrastructure.
There are two types of CMK: AWS-managed and customer-managed.
This guide provides instructions on how to create a customer-managed key used for EBS volume encryption, define which users/roles can perform encryption operations with this key, and how to use this key with your SingleStore Helios workspace.
Caution
When using a customer-managed key shared with SingleStore Helios, you are accepting the additional terms, conditions, and potential risks pertaining to data availability and loss.
Should the CMK permissions be revoked, or the key deleted, SingleStore Helios will no longer be able to encrypt/decrypt your data.
Create a Customer-Managed Key
-
To create a customer-managed key for use with EBS volume encryption, log into the AWS Management Console and navigate to Security, Identity, & Compliance > Key Management Service.
-
From the AWS Key Management Service page, click the Create a key button.
Note: If this is your first time visiting this page, you may initially be greeted with a welcome page.
-
On the Configure key page, select the Symmetric key radio button, and click the Next button.
-
On the Add labels page:
-
In the Alias field, enter a key name
-
In the Description field, add an associated description
Tip: Use an intuitive alias and description to remind you that this key is for use with SingleStore Helios.
When completed, click the Next button.
The customer-managed key will be created in the AWS KMS as shown below.
-
-
Now that this customer-managed key has been created, create a Support ticket to enable this feature on your SingleStore Helios workspace.
You will be notified when this request has been completed.
Last modified: April 3, 2023