-
Open Key Management Service > Customer managed keys > Create key.
-
Under Key type click Symmetric.
-
Click Advanced options and select External.
-
Tick the checkbox I understand the security, availability, and durability implications of using an imported key.
-
Click Next.
-
Type the CMK's Alias.
-
Optionally, type the CMK's Description and add Tags.
-
Click Next.
-
From the list offered, choose the Key administrators.
-
If you want to allow the administrators to delete this key, tick the Key deletion checkbox.
-
Click Next.
-
From the list offered, choose the IAM users and roles that can use the CMK in cryptographic operations.
-
If necessary, add Other AWS accounts to the list.
-
Click Next.
-
Review and edit the key policy as necessary.
-
Click Finish.
If the creation of the CMK is successful, the following image will appear at the end of your screen:
Successful creation of the CMK