https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492147#M29137 <P>Hello, I am attempting to implement tenant encryption for Qlik Cloud using a key from AWS KMS. I am quite new to this, so I have tried to carefully follow the <A href="https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-configure-tenant-encryption.htm" target="_blank" rel="noopener">instructions detailed here</A>. However, when I attempt to create the key provider within QMC, I receive the following error:</P> <P><EM>Error code: The policy of the provided key does not allow to know key type is Single region or Multi region</EM></P> <P>Has anyone experienced this and/or can guide me to a solution? Thanks in advance for any suggestions.</P> Wed, 29 Jan 2025 16:21:29 GMT ArrogantAardvark 2025-01-29T16:21:29Z https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492147#M29137 <P>Hello, I am attempting to implement tenant encryption for Qlik Cloud using a key from AWS KMS. I am quite new to this, so I have tried to carefully follow the <A href="https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/Admin/mc-configure-tenant-encryption.htm" target="_blank" rel="noopener">instructions detailed here</A>. However, when I attempt to create the key provider within QMC, I receive the following error:</P> <P><EM>Error code: The policy of the provided key does not allow to know key type is Single region or Multi region</EM></P> <P>Has anyone experienced this and/or can guide me to a solution? Thanks in advance for any suggestions.</P> Wed, 29 Jan 2025 16:21:29 GMT https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492147#M29137 ArrogantAardvark 2025-01-29T16:21:29Z https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492450#M29138 <P>Hi,&nbsp;</P> <P>This may help you:&nbsp;<A href="https://community.qlik.com/t5/Official-Support-Articles/QCDI-Configuring-AWS-KMS-fails-with-The-policy-of-the-provided/ta-p/2469639" target="_blank">QCDI: Configuring AWS KMS fails with The policy of... - Qlik Community - 2469639</A><BR />Then I think you need to check if you're using a multiple region KMS Key based on your Qlik tenant region and its backup<BR /><BR /></P> <P>Best</P> Wed, 13 Nov 2024 08:18:33 GMT https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492450#M29138 mpc 2024-11-13T08:18:33Z https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492557#M29139 <P>Thanks for the reply--the resource you pointed to helped get me on the right track. Ultimately, the problem was that my policy was misconfigured. With the multi-region key, the <A href="https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html" target="_self">DescribeKey KMS action</A> is required. My policy was set up for a single region even though the key was created as multi-region. I appreciate the help!&nbsp;</P> Wed, 13 Nov 2024 14:56:45 GMT https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492557#M29139 ArrogantAardvark 2024-11-13T14:56:45Z https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492564#M29140 <P>Wlcm and thanks for your return ! It will help others for sure !</P> Wed, 13 Nov 2024 15:27:21 GMT https://community.qlik.com/t5/Management-Governance/Configuring-AWS-KMS-policy-for-tenant-encryption/m-p/2492564#M29140 mpc 2024-11-13T15:27:21Z