Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 
ArrogantAardvark
Contributor III

Configuring AWS KMS policy for tenant encryption

Hello, I am attempting to implement tenant encryption for Qlik Cloud using a key from AWS KMS. I am quite new to this, so I have tried to carefully follow the instructions detailed here. However, when I attempt to create the key provider within QMC, I receive the following error:

Error code: The policy of the provided key does not allow to know key type is Single region or Multi region

Has anyone experienced this and/or can guide me to a solution? Thanks in advance for any suggestions.

Labels (3)
1 Solution

Accepted Solutions
mpc
Partner Ambassador

Hi, 

This may help you: QCDI: Configuring AWS KMS fails with The policy of... - Qlik Community - 2469639
Then I think you need to check if you're using a multiple region KMS Key based on your Qlik tenant region and its backup

Best

From Next Decision and mpc with love

View solution in original post

3 Replies
mpc
Partner Ambassador

Hi, 

This may help you: QCDI: Configuring AWS KMS fails with The policy of... - Qlik Community - 2469639
Then I think you need to check if you're using a multiple region KMS Key based on your Qlik tenant region and its backup

Best

From Next Decision and mpc with love
ArrogantAardvark
Contributor III
Author

Thanks for the reply--the resource you pointed to helped get me on the right track. Ultimately, the problem was that my policy was misconfigured. With the multi-region key, the DescribeKey KMS action is required. My policy was set up for a single region even though the key was created as multi-region. I appreciate the help! 

mpc
Partner Ambassador

Wlcm and thanks for your return ! It will help others for sure !

From Next Decision and mpc with love