
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Configuring AWS KMS policy for tenant encryption
Hello, I am attempting to implement tenant encryption for Qlik Cloud using a key from AWS KMS. I am quite new to this, so I have tried to carefully follow the instructions detailed here. However, when I attempt to create the key provider within QMC, I receive the following error:
Error code: The policy of the provided key does not allow to know key type is Single region or Multi region
Has anyone experienced this and/or can guide me to a solution? Thanks in advance for any suggestions.
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This may help you: QCDI: Configuring AWS KMS fails with The policy of... - Qlik Community - 2469639
Then I think you need to check if you're using a multiple region KMS Key based on your Qlik tenant region and its backup
Best

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This may help you: QCDI: Configuring AWS KMS fails with The policy of... - Qlik Community - 2469639
Then I think you need to check if you're using a multiple region KMS Key based on your Qlik tenant region and its backup
Best

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply--the resource you pointed to helped get me on the right track. Ultimately, the problem was that my policy was misconfigured. With the multi-region key, the DescribeKey KMS action is required. My policy was set up for a single region even though the key was created as multi-region. I appreciate the help!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wlcm and thanks for your return ! It will help others for sure !
