
Is there any way I can rotate AWS KMS keys every time interval < 1 year?

Submitted by: @import:stackexchange-devops

Problem

According to AWS KMS, keys can be rotated once every year. However, there is no way I can define a custom time period for that.

However, I can keep changing the same in the bucket's policy manually.

So, is there any way I can automate that?

Solution

The AWS documentation is clear that automated key rotation is only supported by Amazon on a yearly basis. However, you can use the CLI to manually create new keys, and then use an automation technique such as cron to automate the manual process.

In this case you can likely have cron run a bash script to read from a list of keys and credentials and then use the AWS KMS CLI to "manually" change your keys.

Context

StackExchange DevOps Q#142, answer score: 8
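The cron-driven rotation the answer sketches, written out as an added example (this is not code from the original answer). It rotates by creating a fresh customer managed key and re-pointing a stable alias at it, so callers such as a bucket's default-encryption setting keep referencing the alias and never need to be edited. The `kms` wrapper, the list-file format (`alias/<name> <description>`), the paths in the crontab comment and the IAM permissions the host needs (`kms:CreateKey`, `kms:ListAliases`, `kms:CreateAlias`, `kms:UpdateAlias`) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original answer: rotate customer managed
# KMS keys on a schedule shorter than a year by creating a fresh key and
# re-pointing a stable alias at it. Names, paths and the list-file format
# are assumptions made for this example.
set -eu

# All KMS calls go through this wrapper so the profile/region can be set in
# one place and so the CLI can be stubbed out when testing the script.
kms() { aws kms "$@"; }

# Create a new symmetric encryption key and print its key ID.
# Add --policy file://key-policy.json here if the new key must not get the
# default key policy.
create_key() {
    description=$1
    kms create-key --description "$description" \
        --query 'KeyMetadata.KeyId' --output text
}

# Print the key ID an alias currently points to; prints nothing if the
# alias does not exist yet.
current_target() {
    alias_name=$1
    kms list-aliases \
        --query "Aliases[?AliasName=='$alias_name'].TargetKeyId" \
        --output text
}

# Rotate one alias: create a new key, then move the alias to it. Prints the
# new key ID. The previous key is left enabled so ciphertext produced under
# it can still be decrypted by key ID; re-encrypt data before disabling it.
rotate_alias() {
    alias_name=$1
    description=$2
    old=$(current_target "$alias_name")
    new=$(create_key "$description")
    if [ -z "$old" ] || [ "$old" = "None" ]; then
        kms create-alias --alias-name "$alias_name" --target-key-id "$new"
    else
        kms update-alias --alias-name "$alias_name" --target-key-id "$new"
        printf 'rotated %s: %s -> %s\n' "$alias_name" "$old" "$new" >&2
    fi
    echo "$new"
}

# Rotate every alias listed in a file. Assumed format, one entry per line:
#   alias/<name> <free-text description for the new key>
# Blank lines and lines starting with '#' are ignored. Prints one
# "<alias> now -> <key id>" line per rotated alias; fails if nothing was listed.
rotate_all() {
    list_file=$1
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        alias_name=${line%% *}
        description=${line#* }
        new=$(rotate_alias "$alias_name" "$description")
        printf '%s now -> %s\n' "$alias_name" "$new"
        count=$((count + 1))
    done < "$list_file"
    [ "$count" -gt 0 ] || { echo "no aliases listed in $list_file" >&2; return 1; }
}

# Hypothetical crontab entry running this quarterly at 02:00 on the 1st:
#   0 2 1 */3 * /opt/kms-rotate/rotate.sh /etc/kms-rotate/keys.txt
if [ "$#" -gt 0 ]; then
    rotate_all "$1"
fi
```

Two things to plan for before putting this in cron: the script only changes which key new encryptions use, so old keys accumulate and must be kept enabled until the data encrypted under them has been re-encrypted (only then schedule their deletion), and each new key gets the default key policy unless `create-key` is given `--policy`. Newer versions of KMS also let the built-in automatic rotation run on a custom period (`aws kms enable-key-rotation --rotation-period-in-days N`, 90 to 2560 days), which keeps one key ID and avoids the alias indirection entirely.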
