ONTAP 9.13.1 commands

security key-manager external aws enable

Enable AWS KMS

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command enables the Amazon Web Service Key Management Service (AWSKMS) associated with the given Vserver. An AWS project and AWSKMS must be deployed on the AWS portal prior to running this command. AWSKMS can only be enabled on a data Vserver that doesn’t already have a key manager configured. AWSKMS cannot be enabled in a MetroCluster environment.

Parameters

-vserver <Vserver Name> - Vserver

Use this parameter to specify the Vserver on which the AWSKMS is to be enabled.

-region <text> - AWS KMS Region

Use this parameter to specify the region of the deployed AWS project.

-key-id <text> - AWS Key Id

Use this parameter to specify the key ID of the deployed AWS project.

[-access-key-id <text>] - AWS Access Key ID

Use this parameter to specify the access key ID of the deployed AWS project.

[-encryption-context <text>] - Additional Layer of Authentication and Logging

Use this parameter to specify the encryption context to satisfy AWS grant constraint if it is configured. The parameter should be in JSON format.

Examples

The following example enables the AWSKMS for Vserver v1. The parameters in the example command identify an Amazon Web Service (AWS) project application deployed on the AWS. The AWS project application has a region "test_na_region", a key ID "test_KEYID", an access key ID "test_accessKeyID" and an encryption context of "{"team": "VEsecurity"}".

cluster-1::*> security key-manager external aws enable -vserver v1 -region test_na_region -key-id test_KEYID -access-key-id test_accessKeyID -encryption-context {"team": "VEsecurity"}

Enter the Amazon Web Service Key Management Service secret access key: Press <Enter> when done
Top of Page