security key-manager external aws enable
Enable AWS KMS
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command enables the Amazon Web Service Key Management Service (AWSKMS) associated with the given Vserver. An AWS project and AWSKMS must be deployed on the AWS portal prior to running this command. AWSKMS can only be enabled on a data Vserver that doesn't already have a key manager configured. AWSKMS cannot be enabled in a MetroCluster environment.
Parameters
-vserver <Vserver Name>
- Vserver-
Use this parameter to specify the Vserver on which the AWSKMS is to be enabled.
-region <text>
- AWS KMS Region-
Use this parameter to specify the region of the deployed AWS project.
-key-id <text>
- AWS Key Id-
Use this parameter to specify the key ID of the deployed AWS project.
[-access-key-id <text>]
- AWS Access Key ID-
Use this parameter to specify the access key ID of the deployed AWS project.
[-encryption-context <text>]
- Additional Layer of Authentication and Logging-
Use this parameter to specify the encryption context to satisfy AWS grant constraint if it is configured. The parameter should be in JSON format.
Examples
The following example enables the AWSKMS for Vserver v1. The parameters in the example command identify an Amazon Web Service (AWS) project application deployed on the AWS. The AWS project application has a region "test_na_region", a key ID "test_KEYID", an access key ID "test_accessKeyID" and an encryption context of "{"team": "NVEsecurity"}".
cluster-1::*> security key-manager external aws enable -vserver v1 -region test_na_region -key-id test_KEYID -access-key-id test_accessKeyID -encryption-context {"team": "NVEsecurity"} Enter the Amazon Web Service Key Management Service secret access key: Press <Enter> when done