I'm trying to set up separate KMS keys for different managed nodes in AWS Systems Manager Session Manager when connecting to Linux EC2 instances. Right now, the Session Manager settings allow only one KMS key to encrypt all sessions across every managed node. This creates a potential single point of failure if that key is compromised. Is there any way to assign different KMS keys to different managed nodes?
2 Answers
First off, what’s your main concern with using a single KMS key? Just so you know, the KMS key doesn't get exposed outside the hardware, so a compromise is really hard. This limitation is by design because KMS keys are typically unique to services for security reasons.
Got it, thanks for clarifying. The main reason we were looking at using individual KMS keys per EC2 instance is to avoid that single point of failure. If AWS doesn’t let you do that due to the current design, then I guess we'll have to stick with one key for now.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures