To enable encryption with KMS, create an AWS Key Management Service (AWS KMS) policy and an AWS KMS-managed customer master key.
To use SSE-KMS encryption for mappings in advanced mode, perform one of the following tasks:
To use the credentials from the
~/.aws/credentials
location, create the master instance profile and the worker instance profile in AWS, attach the KMS policy to the worker profile, and specify the profiles in the cluster configuration.
Configure the Secure Agent on Amazon EC2, create the master instance profile and the worker instance profile in AWS, and attach the KMS policy to the worker profile.
Configure the Secure Agent on Amazon EC2, use the default IAM role, and attach the KMS policy to the Secure Agent role.