How to Use AWS KMS to Encrypt Data

Create a KMS CMK

# create a key and save the key ID from the response
key_id=$(aws kms create-key --description "Test CMK" --query KeyMetadata.KeyId --output text)
# create an alias for the key
aws kms create-alias --target-key-id "$key_id" --alias-name "alias/testcmk"

# confirm the new key is listed
aws kms list-keys

Encrypt and Decrypt a file

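echo "this is a test message" > test.txt
# fileb:// passes the raw file bytes; with file://, AWS CLI v2 expects the value to be base64-encoded already
aws kms encrypt --key-id "alias/testcmk" --plaintext fileb://test.txt --output text --query CiphertextBlob | base64 --decode > test.txt.encrypted
# the ciphertext blob identifies the symmetric key, so no --key-id is required here
aws kms decrypt --ciphertext-blob fileb://test.txt.encrypted --output text --query Plaintext | base64 --decode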
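
The two commands above, wrapped as an added example (not part of the original page): a size check against the 4096-byte limit that KMS Encrypt places on plaintext under a symmetric key, an encryption context supplied on both sides, and the key pinned on decrypt. The function names and the purpose=test context value are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: hypothetical wrappers around the page's encrypt/decrypt commands.
# Each function body runs in a subshell "( ... )" so variables and umask stay local.

KMS_MAX_PLAINTEXT=4096  # byte limit for Encrypt under a symmetric KMS key

# kms_encrypt_file <key-id-or-alias> <src> <dst> <encryption-context>
kms_encrypt_file() (
  key=$1; src=$2; dst=$3; ctx=$4
  [ -r "$src" ] || { echo "cannot read $src" >&2; exit 2; }
  size=$(($(wc -c < "$src")))
  if [ "$size" -gt "$KMS_MAX_PLAINTEXT" ]; then
    echo "$src is $size bytes, over the ${KMS_MAX_PLAINTEXT}-byte Encrypt limit" >&2
    exit 3
  fi
  # Capture first so a failed API call never leaves a partial output file.
  blob=$(aws kms encrypt --key-id "$key" --plaintext "fileb://$src" \
    --encryption-context "$ctx" \
    --output text --query CiphertextBlob) || exit 4
  umask 077  # ciphertext file readable by the owner only
  printf '%s' "$blob" | base64 --decode > "$dst"
)

# kms_decrypt_file <key-id-or-alias> <src> <encryption-context>   (plaintext on stdout)
kms_decrypt_file() (
  key=$1; src=$2; ctx=$3
  # --key-id makes KMS refuse ciphertext produced under any other key;
  # the context must match the one given at encrypt time or Decrypt fails.
  blob=$(aws kms decrypt --key-id "$key" --ciphertext-blob "fileb://$src" \
    --encryption-context "$ctx" \
    --output text --query Plaintext) || exit 4
  printf '%s' "$blob" | base64 --decode
)

# Usage (needs AWS credentials and the alias created earlier):
#   kms_encrypt_file alias/testcmk test.txt test.txt.encrypted purpose=test
#   kms_decrypt_file alias/testcmk test.txt.encrypted purpose=test
```

The encryption context is not secret: it is recorded in CloudTrail in plaintext, so keep sensitive values out of it.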

Reference