How to Create an Asymmetric Key in AWS Key Management Service

AWS Key Management Service (AWS KMS) supports asymmetric keys. You can create, manage, and use public/private key pairs to protect your application data using the new APIs via the AWS SDK.

An asymmetric KMS key provides a public and private key pair that can be used to encrypt and decrypt data.

  • Log in to the AWS portal.
  • Click on Services.
  • Under Security, Identity, & Compliance, select Key Management Service.


  • Click on Create Key.


  • Select the Asymmetric key type.
  • Click on Encrypt and decrypt.


  • Select key spec.
  • Click on Next.


  • Provide an alias name.
  • Click on Add Tag.


  • Provide tag key name & value.


  • Enable the option that allows key administrators to delete this key.
  • Click on Next.

  • Select the existing key usage permissions.


  • We can add multiple AWS accounts.
  • Click on Add another AWS account & provide AWS account ID.
  • Click on Next.


  • Review all Key Configurations.


  • Click on Finish.


  • After some time, the asymmetric KMS key is ready.
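
The choices made in the steps above (key administrators, whether they may delete the key, key users, additional AWS accounts) are stored in the key's policy. The following Python is an added example, not code from the original page or from AWS: it builds a policy expressing those choices and lists every principal from another account. The action lists are modelled on the console's default key policy and are an assumption, the function names are hypothetical, and the account IDs and role names are constructed sample values.

```python
import json

# Action lists modelled on the console's default key policy (an assumption).
ADMIN_ACTIONS = ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
                 "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
                 "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource"]
DELETE_ACTIONS = ["kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"]
USER_ACTIONS = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:DescribeKey", "kms:GetPublicKey"]  # asymmetric encrypt/decrypt use
GRANT_ACTIONS = ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"]

def _root(account_id):
    if not (len(account_id) == 12 and account_id.isascii() and account_id.isdigit()):
        raise ValueError(f"not a 12-digit AWS account ID: {account_id!r}")
    return f"arn:aws:iam::{account_id}:root"

def _stmt(sid, principals, actions, **extra):
    return {"Sid": sid, "Effect": "Allow", "Principal": {"AWS": principals},
            "Action": actions, "Resource": "*", **extra}

def build_key_policy(owner, admin_arns, user_arns, external_accounts=(),
                     admins_can_delete=True):
    """Key policy for the wizard's choices; all arguments are caller-supplied."""
    users = list(user_arns) + [_root(a) for a in external_accounts]
    admin_actions = ADMIN_ACTIONS + (DELETE_ACTIONS if admins_can_delete else [])
    return {"Version": "2012-10-17", "Statement": [
        _stmt("Enable IAM User Permissions", _root(owner), "kms:*"),
        _stmt("Allow access for Key Administrators", list(admin_arns), admin_actions),
        _stmt("Allow use of the key", users, USER_ACTIONS),
        _stmt("Allow attachment of persistent resources", users, GRANT_ACTIONS,
              Condition={"Bool": {"kms:GrantIsForAWSResource": "true"}}),
    ]}

def external_principals(policy, owner):
    """(Sid, principal) pairs whose ARN belongs to an account other than owner."""
    found = []
    for s in policy["Statement"]:
        aws = s["Principal"]["AWS"]
        found += [(s["Sid"], arn) for arn in ([aws] if isinstance(aws, str) else aws)
                  if arn.split(":")[4] != owner]
    return found

if __name__ == "__main__":
    me = "111122223333"  # constructed sample account IDs and role names
    policy = build_key_policy(me, [f"arn:aws:iam::{me}:role/KeyAdmin"],
                              [f"arn:aws:iam::{me}:role/App"],
                              external_accounts=["444455556666"], admins_can_delete=False)
    print(json.dumps(policy, indent=2))
    print("cross-account access:", external_principals(policy, me))
```

The JSON can be supplied to aws kms create-key through its --policy option. An external account named in the key policy must still grant its own IAM principals permission to the key before they can use it.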



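Create an Asymmetric KMS Key Using the Shell

aws kms create-key --key-usage <value> --tags TagKey=Name,TagValue=Test --description "example" --customer-master-key-spec RSA_2048 --origin <value>

For the encrypt and decrypt key pair created above, --key-usage is ENCRYPT_DECRYPT and --origin is AWS_KMS. The key spec must name a concrete asymmetric algorithm such as RSA_2048, RSA_3072 or RSA_4096; newer AWS CLI versions take it as --key-spec, which replaces the deprecated --customer-master-key-spec.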


