Add a CMK to your account

Before you begin, make sure that you have an IAM role that grants the admin user access to the Amazon QuickSight admin key management console. For more information on the required permissions, see IAM identity-based policies for Amazon QuickSight: using the admin key management console.

You can add keys that already exist in AWS KMS to your QuickSight account, so that you can encrypt your QuickSight data.

To learn more about how you can create a key to use in QuickSight, see the AWS Key Management Service Developer Guide.

On the QuickSight start page, choose Manage QuickSight, and then choose KMS keys.
On the KMS keys page, choose Manage. The KMS keys dashboard opens.
On the KMS Keys dashboard, choose Select key.
On the Select key pop-up box, choose Key to open the list. Then, select the key that you want to add.

If your key isn't in the list, you can manually enter the key's ARN.
(Optional) Select the Use as default encryption key for new data in the current region of this QuickSight account to set the selected key as your default key. A blue badge appears next to the default key to indicate its status.

When you choose a default key, all new QuickSight data that is created in the Region that hosts your QuickSight account is encrypted with the default key.
(Optional) Add more keys by repeating the previous steps in this procedure. While you can add as many keys as you want, you can only have one default key at one time.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Encrypting data with AWS KMS customer-managed keys

Verify a CMK