CLI

When using the AWS CLI, the CMK is expected to be an AES-256-GCM key by default.

›_ Console

> aws kms create-key --origin EXTERNAL --region <region> 

If the command is executed successfully, you’ll see an output on the CLI similar to the one below. The KeyState will be PendingImport and the Origin will be EXTERNAL.

›_ Console

{
    "KeyMetadata": {
        "AWSAccountId": "<AWSAccountID>",
        "KeyId": "<KeyID>",
        "Arn": "arn:aws:kms:<region>:<AWSAccountID>:key/<KeyID>",
        "CreationDate": <CreationDate>,
        "Enabled": false,
        "Description": "",
        "KeyUsage": "ENCRYPT_DECRYPT",
        "KeyState": "PendingImport",
        "Origin": "EXTERNAL",
        "KeyManager": "CUSTOMER"
    }
}

Please make sure to write down the key identifier ("KeyId") in the printout as it will be used for the key import.
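The check described above can be scripted so that the KeyId is only recorded when the output really describes a key waiting for imported material. This is an added example, not part of the original guide; the function name, exception class and sample values are assumptions made for illustration.

```python
import json

# Values the guide says a key awaiting imported material must show.
EXPECTED = {"KeyState": "PendingImport", "Origin": "EXTERNAL"}


class KeyNotReadyForImport(ValueError):
    """Raised when create-key output does not describe an import-ready key."""


def key_id_for_import(create_key_json: str) -> str:
    """Return KeyId from `aws kms create-key` JSON output after checking it."""
    try:
        meta = json.loads(create_key_json)["KeyMetadata"]
    except (json.JSONDecodeError, KeyError, TypeError) as exc:
        raise KeyNotReadyForImport(f"not create-key output: {exc!r}") from exc
    if not isinstance(meta, dict):
        raise KeyNotReadyForImport("KeyMetadata is not an object")
    problems = [
        f"{field}={meta.get(field)!r}, expected {want!r}"
        for field, want in EXPECTED.items()
        if meta.get(field) != want
    ]
    # The sample output shows Enabled=false while no key material is present.
    if meta.get("Enabled") is not False:
        problems.append(f"Enabled={meta.get('Enabled')!r}, expected False")
    key_id = meta.get("KeyId")
    if not isinstance(key_id, str) or not key_id:
        problems.append("KeyId missing")
    if problems:
        raise KeyNotReadyForImport("; ".join(problems))
    return key_id


# Constructed sample output; the account number and KeyId are made up.
SAMPLE = json.dumps({"KeyMetadata": {
    "AWSAccountId": "111122223333",
    "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
    "Enabled": False, "Description": "", "KeyUsage": "ENCRYPT_DECRYPT",
    "KeyState": "PendingImport", "Origin": "EXTERNAL",
    "KeyManager": "CUSTOMER"}})

# Constructed output for a key created without --origin EXTERNAL.
WRONG_ORIGIN = json.dumps({"KeyMetadata": {
    "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
    "Enabled": True, "KeyState": "Enabled", "Origin": "AWS_KMS"}})

if __name__ == "__main__":
    print(key_id_for_import(SAMPLE))
```

Feed it the saved output of the create-key command; a key created without the external origin is rejected before any import is attempted against it.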