Skip to content

Commit b1d3961

Browse files
goncalodasilvagoncalodasilva
authored
fix 214
AWS KMS supports automatic key rotation for symmetric encryption KMS keys with key material that AWS KMS generated (AWS_KMS origin), and you can specify a custom rotation period between 90 and 2560 days with a default of 365 days. This is the easiest solution Import custom key with annual rotation: This is incorrect because you cannot automatically rotate KMS keys with imported key material. Imported keys only support on-demand rotation, not automatic annual rotation
1 parent 06cb2af commit b1d3961

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2495,8 +2495,8 @@ We are so thankful for every contribution, which makes sure we can deliver top-n
24952495
### A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least. What is the easiest way to achieve this?
24962496

24972497
- [ ] Encrypt the data before sending it to Amazon S3.
2498-
- [x] Import a custom key into AWS KMS with annual rotation enabled.
2499-
- [ ] Use AWS KMS with automatic key rotation.
2498+
- [ ] Import a custom key into AWS KMS with annual rotation enabled.
2499+
- [x] Use AWS KMS with automatic key rotation.
25002500
- [ ] Export a key from AWS KMS to encrypt the data.
25012501

25022502
**[⬆ Back to Top](#table-of-contents)**

0 commit comments

Comments
 (0)