Is it possible to encrypt Lambda environment variables with the default KMS?

In the AWS console, under "Encryption configuration", I noticed that I cannot encrypt my environment variables using the default Lambda KMS.

Am I missing something? Or do I have to create my own key to enable encryption at rest?

Yes, if you want to encrypt things after the function is created, you need to use your own key in order to use the KMS helpers. Here are the relevant docs:

The first time you create or update Lambda functions that use environment variables in a region, a default service key is created for you automatically within AWS KMS. This key is used to encrypt environment variables. However, should you wish to use encryption helpers and use KMS to encrypt environment variables after your Lambda function is created, then you must create your own AWS KMS key and choose it instead of the default key. The default key will give errors when chosen.
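
Added example (not part of the original answer or the AWS documentation): a small audit that sorts functions by the key protecting their environment variables, relying on the Lambda API returning `KMSKeyArn` only when a customer managed key is configured. The function names, account ID and key ID in `SAMPLE` are constructed placeholders, and `live_configs` assumes boto3 and `lambda:ListFunctions` permission.

```python
"""Audit which key protects each Lambda function's environment variables."""

NO_ENV = "no-environment-variables"
DEFAULT_KEY = "default-service-key"      # at-rest encryption only
CUSTOMER_KEY = "customer-managed-key"    # encryption helpers can be used


def classify(config):
    """Classify one function configuration dict (ListFunctions shape)."""
    variables = (config.get("Environment") or {}).get("Variables") or {}
    if not variables:
        return NO_ENV
    # The Lambda API returns KMSKeyArn only when a customer managed key is set.
    return CUSTOMER_KEY if config.get("KMSKeyArn") else DEFAULT_KEY


def audit(configs):
    """Group function names by classification, sorted for stable output."""
    report = {NO_ENV: [], DEFAULT_KEY: [], CUSTOMER_KEY: []}
    for cfg in configs:
        report[classify(cfg)].append(cfg["FunctionName"])
    return {label: sorted(names) for label, names in report.items()}


def live_configs(region):
    """Fetch real configurations; needs boto3 and lambda:ListFunctions."""
    import boto3
    client = boto3.client("lambda", region_name=region)
    for page in client.get_paginator("list_functions").paginate():
        yield from page["Functions"]


# Constructed sample data (names, account ID and key ID are placeholders).
SAMPLE = [
    {"FunctionName": "orders-api",
     "Environment": {"Variables": {"DB_PASSWORD": "example"}}},
    {"FunctionName": "billing-worker",
     "Environment": {"Variables": {"API_TOKEN": "constructed-ciphertext"}},
     "KMSKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"FunctionName": "healthcheck"},
    {"FunctionName": "thumbnailer", "Environment": {"Variables": {}}},
]

if __name__ == "__main__":
    for label, names in audit(SAMPLE).items():
        print(f"{label}: {', '.join(names) or '-'}")
```

Functions reported under `default-service-key` are still encrypted at rest; per the quoted documentation they need a key of your own before the encryption helpers can be used.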