Solved: Configuring AWS KMS policy for tenant encryption - Qlik Community

ArrogantAardvark · ‎2024-11-11

Hello, I am attempting to implement tenant encryption for Qlik Cloud using a key from AWS KMS. I am quite new to this, so I have tried to carefully follow the instructions detailed here. However, when I attempt to create the key provider within QMC, I receive the following error:

Error code: The policy of the provided key does not allow to know key type is Single region or Multi region

Has anyone experienced this and/or can guide me to a solution? Thanks in advance for any suggestions.

mpc · ‎2024-11-13

Hi,

This may help you: QCDI: Configuring AWS KMS fails with The policy of... - Qlik Community - 2469639
Then I think you need to check if you're using a multiple region KMS Key based on your Qlik tenant region and its backup

Best

From Next Decision and mpc with love

View solution in original post

mpc · ‎2024-11-13

Hi,

This may help you: QCDI: Configuring AWS KMS fails with The policy of... - Qlik Community - 2469639
Then I think you need to check if you're using a multiple region KMS Key based on your Qlik tenant region and its backup

Best

From Next Decision and mpc with love

ArrogantAardvark · ‎2024-11-13

Thanks for the reply--the resource you pointed to helped get me on the right track. Ultimately, the problem was that my policy was misconfigured. With the multi-region key, the DescribeKey KMS action is required. My policy was set up for a single region even though the key was created as multi-region. I appreciate the help!

mpc · ‎2024-11-13

Wlcm and thanks for your return ! It will help others for sure !

From Next Decision and mpc with love

Configuring AWS KMS policy for tenant encryption

General Question

Security

Security & Governance