✅ - Key Management Service gen2 | AWS Amplify | Page 1

heady stratus Jan 9, 2024, 9:30 AM

#

Hello,
I see that amplify gen2 generated multiple secrets (even for services I don't use)
What are these for? Can I remove them or I'll break something
Does using amplify gen2 necessarily mean using those?

#

Key Management Service gen2

graceful canopy Jan 9, 2024, 9:05 PM

#

Hey @heady stratus , Amplify Gen 2 doesnt create KMS keys for secrets, the secrets are created on AWS Systems Manager ->
Parameter Store. the KMS keys in the screenshot appears to be due to the underlying service using KMS, for example: https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/

Amazon Web Services

Amazon S3 Encrypts New Objects By Default | Amazon Web Services

At AWS, security is the top priority. Starting today, Amazon Simple Storage Service (Amazon S3) encrypts all new objects by default. Now, S3 automatically applies server-side encryption (SSE-S3) for each new object, unless you specify a different encryption option. SSE-S3 was first launched in 2011. As Jeff wrote at the time: “Amazon S3 server-s...

heady stratus Jan 10, 2024, 4:39 AM

#

graceful canopy Hey <@296258920618393600> , Amplify Gen 2 doesnt create KMS keys for secrets, th...

ok so if I get that correctly,
amplify gen2 could have created a s3 bucket to store some information, which by default got encrypted, therefore generating these secrets?

(I assume gen2 created it, as I have not touched s3)

graceful canopy Jan 10, 2024, 4:09 PM

#

heady stratus ok so if I get that correctly, amplify gen2 could have created a s3 bucket to s...

CDK will create the bucket to store assets, you should be able to see the buckets in the S3 console.

heady stratus Jan 14, 2024, 10:42 PM

#

I have many buckets so instead I am trying to remove the rds one