In AWS Console, navigate to Key Management Service, select Customer-managed keys, then click on Create key.
Under Configure key select the following:
a. For key type choose Symmetric. it is recommended to use symmetric keys for use cases that requires encrypting and decrypting data inside AWS.
b. For key material origin choose KMS. AWS KMS creates and manages the key material value and store it in its own key store, this is the default and the recommended option.
c. For Regionality choose Single-region key.
All the above settings cannot be changed once the key is created.
Under Add labels enter an alias for the key. The alias helps identify the key and it can also be changed at any time. Optionally add Description and Tags.
Under Define key administrative permissions assign a user or role who can administrate the key.
Under Define key usage permissions and from the dropdown list select the following two roles:
a. AWSServiceRoleForAutoScaling -- This is the default service-linked role for your account and it is automatically assigned to your Auto Scaling groups and in this case the Everpure Cloud Dedicated VD Auto Scaling group.
b. PurtiyServiceRole -- This role is one of the pre-requests for Everpure Cloud Dedicated deployment and it is manually created and assigned to the CloudFormation template stack prior to deployment.
It is mandatory to link the above two roles with the Customer-managed key, failing on doing so will cause major failures during Purtiy (NDU) upgrades and capacity upgrades.
Under Review verify all the configurations and key policies are set correctly, then click on Finish.