Creating User-Generated KMS Master Keys Using User-Generated KMS Master Keys

Creating and Using User-Generated KMS Master Keys

This section describes how to create and use your own KMS master keys, instead of using the master key administered by Amazon Kinesis.

Creating User-Generated KMS Master Keys

For instructions on creating your own master keys, see Creating Keys in the Amazon Key Management Service Developer Guide. After you create keys for your account, the Kinesis Data Streams service returns these keys in the KMS master key list.

Using User-Generated KMS Master Keys

After the correct permissions are applied to your consumers, producers, and administrators, you can use custom KMS master keys in your own Amazon account or another Amazon account. All KMS master keys in your account appear in the KMS Master Key list within the Amazon Web Services Management Console.

To use custom KMS master keys located in another account, you need permissions to use those keys. You must also specify the ARN of the KMS master key in the ARN input box in the Amazon Web Services Management Console.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

How Do I Get Started with Server-Side Encryption?

Permissions to Use User-Generated KMS Master Keys