Search This Blog

Sunday, November 18, 2018

Fixed AWS GenerateKeyError("Master Key unable to generate data key")

Your master key must have "key-usage" of "ENCRYPT_DECRYPT"

For example, create a new key with "key-usage" of "ENCRYPT_DECRYPT"


$ aws kms create-key --key-usage ENCRYPT_DECRYPT --description "testing"

create key without parameter will default has key-usage ENCRYPT_DECRYPT:


$ aws kms create-key