How to Use AWS KMS to Encrypt Data

Create KMS CMS Key # create a key and save the key id from the response aws kms create-key --description "Test CMK" # create a alias for the key aws kms create-alias --target-key-id {key_id} --alias-name "alias/testcmk" aws kms list-keys Encrypt and Decrypt a file echo "this is a test message" > test.txt aws kms encrypt --key-id "alias/testcmk" --plaintext file://test.txt --output text --query CiphertextBlob | base64 --decode > test.txt.encrypted aws kms decrypt --ciphertext-blob fileb://test.