ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security key-manager external aws enable

    Enable AWS KMS

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command enables the Amazon Web Service Key Management Service (AWSKMS) associated with the given Vserver. An AWS project and AWSKMS must be deployed on the AWS portal prior to running this command. AWSKMS can only be enabled on a data Vserver that doesn’t already have a key manager configured. AWSKMS cannot be enabled in a MetroCluster environment.

    Parameters

    -vserver <Vserver Name> - Vserver

    Use this parameter to specify the Vserver on which the AWSKMS is to be enabled.

    -region <text> - AWS KMS Region

    Use this parameter to specify the region of the deployed AWS project.

    -key-id <text> - AWS Key Id

    Use this parameter to specify the key ID of the deployed AWS project.

    [-access-key-id <text>] - AWS Access Key ID

    Use this parameter to specify the access key ID of the deployed AWS project.

    [-encryption-context <text>] - Additional Layer of Authentication and Logging

    Use this parameter to specify the encryption context to satisfy AWS grant constraint if it is configured.

    Examples

    The following example enables the AWSKMS for Vserver v1. The parameters in the example command identify an Amazon Web Service (AWS) project application deployed on the AWS. The AWS project application has a region "test_na_region", a key ID "test_KEYID" and an access key ID "test_accessKeyID".

    cluster-1::*> security key-manager external aws enable -vserver v1 -region test_na_region -key-id test_KEYID -access-key-id test_accessKeyID
    
    Enter the Amazon Web Service Key Management Service secret access key: Press <Enter> when done
    Top of Page