Loading...

Adding an AWS Key Management Service Server

You can add or modify an AWS Key Management Service (KMS) Server from the Command Center.

If the user account does not have the kms:Decrypt permission, then you can perform only backup operations, and you cannot perform auxiliary copy or restore operations.

For guidelines about key rotation, see Key Rotation Guidelines for Amazon Web Service Key Management Service Server.

Before You Begin

  • The Commvault user should have Edit Storage Policy \ Copy permissions to a storage policy copy to assign the AWS Key Management Service Server to the copy. For more information, see Storage Policy Management Permissions.
  • The AWS Key Management Service account that you configure must have the following permissions:
    • kms:CreateKey
    • kms:Decrypt
    • kms:DisableKeyRotation
    • kms:Encrypt
    • kms:ScheduleKeyDeletion

Procedure

  1. From the navigation pane, click Security > Key management servers.

    The Key management servers page appears.

  2. Click Add at the top right, and then select AWS KMSP.

    The Add AWS KMS dialog box appears.

  3. Complete the following steps:
    • Name: Enter the name of the key provider.
    • Region: Select the region where AWS hosts the key management service.
    • Access key: Enter the AWS access key.
    • Secret access key: Enter the AWS secret access key.
  4. Click Save.

Last modified: 12/27/2018 8:32:48 PM