Trying to add an AWS KMS symmetric key for conversations and it is not working

View Only

Back to discussions

Expand all | Collapse all

Trying to add an AWS KMS symmetric key for conversations and it is not working

1. Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Cindy Kepes

Partner
Posted 06-03-2025 15:31

Reply Reply Privately
I have setup a AWS KMS key in one of my AWS accounts that I am an administrator of. I followed the instructions on this link Use an AWS KMS symmetric key for conversations - Genesys Cloud Resource Center. When I try to add it to my Genesys Sandbox account I get this error when trying to save or test the Alias that I add. Request to save the key configuration failed because the configuration could not be validated or Request to test the key configuration failed because the configuration could not be validated

The instructions do not say that the KMS Key needs to be in a certain region or that it has to be Fed-Ramp. So not sure why this is not working. Any suggestions?

#Implementation

------------------------------
Cindy Kepes
Customer Interaction Technology
------------------------------
2. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Jason Kleitz

Genesys
Posted 06-03-2025 17:10

Reply Reply Privately
Hello Cindy,

I have moved your question to the Genesys Cloud - Developer Community. Hopefully one of the experts there will be able to assist you with this.

In the mean time, could you share what your setup looks like? I believe you would only need to change the bolded text down below (unless you are trying to do this in the FedRAMP region).

{
"Sid": "Allow use of the key",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::765628985471:root"
]
},
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:EncryptionContext:genesys-cloud-organization-id": ["YOUR-ORG-ID-GOES-HERE"]
}
}
}

------------------------------
Jason Kleitz
Online Community Manager/Moderator
------------------------------
3. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Cindy Kepes

Partner
Posted 06-04-2025 07:11

Reply Reply Privately
Hi Jason,

Yes, I took what was in the documentation and added our Genesys org to it.

{
"Sid": "Allow use of the key",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::765628985471:root"
},
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:EncryptionContext:genesys-cloud-organization-id": "a00a5f82-f729-4ad1-bada-cd10db18077f"
}
}
}

But looking at the note below - it is in a different region - my AWS account I made the key in us-east-1. There was nothing in the Genesys instructions that said it had to be in the same region. I will try that out this morning and report back.

Thanks!

------------------------------
Cindy Kepes
Customer Interaction Technology
------------------------------

Original Message
4. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Cindy Kepes

Partner
Posted 06-04-2025 07:27

Reply Reply Privately
Jason,

That worked. It really should be in the instructions that they key needs to be in the same AWS region as the Genesys org. It would be helpful.

Thanks so much,

Cindy

------------------------------
Cindy Kepes
Customer Interaction Technology
------------------------------

Original Message
5. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Jason Kleitz

Genesys
Posted 06-04-2025 09:17

Reply Reply Privately
Hey Cindy,

I'm glad that you were able to figure this out and get it to work. I went back and re-read the documentation and you're right, it doesn't mention anything about the key being in the same AWS region.

I understand that some of our documentation may have not have answered all of your questions. At Genesys, we have a skilled team of Technical Writers who maintain the documentation that we have in the Resource Center and are always looking to make sure it is the most helpful resource for you. If you would like to have changes made to the Resource Center article, we encourage you to utilize the Was this article helpful? feature at the bottom of the pages. If you select No, you are able to leave feedback that will be sent to the team that manages those articles.

------------------------------
Jason Kleitz
Online Community Manager/Moderator
------------------------------

Original Message
6. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Cindy Kepes

Partner
Posted 06-04-2025 09:25

Reply Reply Privately
Jason,

That is a great idea. I will do that! I think it's a good thing that should be included in the documentation going forward, which would be helpful for new people setting up their environment.

Thanks so much,

Cindy

------------------------------
Cindy Kepes
Customer Interaction Technology
------------------------------

Original Message
7. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Vaun McCarthy

Community Rockstar
Posted 06-03-2025 21:00

Reply Reply Privately
The only real thing I recall from when setting this up was making sure the key is created in AWS within the same region as your Genesys Cloud org but I also believe there's an option to make the key inter-region/global (although from memory there's an additional cost to that).

------------------------------
Vaun McCarthy
------------------------------
8. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Cindy Kepes

Partner
Posted 06-04-2025 07:13

Reply Reply Privately
Vaun,

I will give that a try, there was nothing in the instructions that said it had to be in the same region. So I will create one in that region and try it out and report back.

Thanks,

Cindy

------------------------------
Cindy Kepes
Customer Interaction Technology
------------------------------

Original Message
9. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Like
Cindy Kepes

Partner
Posted 06-04-2025 07:26

Reply Reply Privately
Vaun,

That did it! I created a key in the region of my Genesys org and it took it right away.

Thanks for the info!

Cindy

------------------------------
Cindy Kepes
Customer Interaction Technology
------------------------------

Original Message

Genesys Cloud - Developer Community!

Trying to add an AWS KMS symmetric key for conversations and it is not working

Cindy Kepes06-03-2025 15:31

Jason Kleitz06-03-2025 17:10

Cindy Kepes06-04-2025 07:11

Cindy Kepes06-04-2025 07:27

Jason Kleitz06-04-2025 09:17

Cindy Kepes06-04-2025 09:25

Vaun McCarthy06-03-2025 21:00

Cindy Kepes06-04-2025 07:13

Cindy Kepes06-04-2025 07:26

1. Trying to add an AWS KMS symmetric key for conversations and it is not working

2. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

3. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

4. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

5. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

6. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

7. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

8. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

9. RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

Related Content

Lex V2 Integration

GetCurrentDateTimeUtc() doesn't seem to be working correctly

How use KMS Encrypt in Architect Flows

GetCurrentDateTimeUtc() doesn't seem to be working correctly

Any Drawback of Implementing Persistent Connection