Genesys Cloud - Developer Community!


  • 1.  Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-03-2025 15:31

    I have set up an AWS KMS key in one of my AWS accounts that I am an administrator of. I followed the instructions on this link: Use an AWS KMS symmetric key for conversations - Genesys Cloud Resource Center. When I try to add it to my Genesys Sandbox account, I get this error when trying to save or test the Alias that I add: "Request to save the key configuration failed because the configuration could not be validated" or "Request to test the key configuration failed because the configuration could not be validated".

    The instructions do not say that the KMS Key needs to be in a certain region or that it has to be FedRAMP. So not sure why this is not working. Any suggestions?


    #Implementation

    ------------------------------
    Cindy Kepes
    Customer Interaction Technology
    ------------------------------


  • 2.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-03-2025 17:10

    Hello Cindy,

    I have moved your question to the Genesys Cloud - Developer Community. Hopefully one of the experts there will be able to assist you with this.

    In the meantime, could you share what your setup looks like? I believe you would only need to change the bolded text down below (unless you are trying to do this in the FedRAMP region).

    {
      "Sid": "Allow use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::765628985471:root"
        ]
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "kms:EncryptionContext:genesys-cloud-organization-id": ["YOUR-ORG-ID-GOES-HERE"]
        }
      }
    }



    ------------------------------
    Jason Kleitz
    Online Community Manager/Moderator
    ------------------------------



  • 3.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-04-2025 07:11

    Hi Jason,

    Yes, I took what was in the documentation and added our Genesys org to it.  

    {
      "Sid": "Allow use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::765628985471:root"
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "kms:EncryptionContext:genesys-cloud-organization-id": "a00a5f82-f729-4ad1-bada-cd10db18077f"
        }
      }
    }

    But looking at the note below - it is in a different region - in my AWS account I made the key in us-east-1. There was nothing in the Genesys instructions that said it had to be in the same region. I will try that out this morning and report back.

    Thanks!



    ------------------------------
    Cindy Kepes
    Customer Interaction Technology
    ------------------------------



  • 4.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-04-2025 07:27

    Jason,

    That worked. It really should be in the instructions that the key needs to be in the same AWS region as the Genesys org. It would be helpful.

    Thanks so much,

    Cindy



    ------------------------------
    Cindy Kepes
    Customer Interaction Technology
    ------------------------------



  • 5.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-04-2025 09:17

    Hey Cindy,

    I'm glad that you were able to figure this out and get it to work. I went back and re-read the documentation and you're right, it doesn't mention anything about the key being in the same AWS region. 

    I understand that some of our documentation may not have answered all of your questions. At Genesys, we have a skilled team of Technical Writers who maintain the documentation that we have in the Resource Center and are always looking to make sure it is the most helpful resource for you. If you would like to have changes made to the Resource Center article, we encourage you to utilize the "Was this article helpful?" feature at the bottom of the pages. If you select No, you are able to leave feedback that will be sent to the team that manages those articles.



    ------------------------------
    Jason Kleitz
    Online Community Manager/Moderator
    ------------------------------



  • 6.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-04-2025 09:25

    Jason,

    That is a great idea.  I will do that!  I think it's a good thing that should be included in the documentation going forward, which would be helpful for new people setting up their environment.

    Thanks so much,

    Cindy



    ------------------------------
    Cindy Kepes
    Customer Interaction Technology
    ------------------------------



  • 7.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-03-2025 21:00

    The only real thing I recall from when setting this up was making sure the key is created in AWS within the same region as your Genesys Cloud org but I also believe there's an option to make the key inter-region/global (although from memory there's an additional cost to that).



    ------------------------------
    Vaun McCarthy
    ------------------------------



  • 8.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-04-2025 07:13

    Vaun,

    I will give that a try. There was nothing in the instructions that said it had to be in the same region. So I will create one in that region and try it out and report back.

    Thanks,

    Cindy



    ------------------------------
    Cindy Kepes
    Customer Interaction Technology
    ------------------------------



  • 9.  RE: Trying to add an AWS KMS symmetric key for conversations and it is not working

    Posted 06-04-2025 07:26

    Vaun,

    That did it!  I created a key in the region of my Genesys org and it took it right away.  

    Thanks for the info!

    Cindy



    ------------------------------
    Cindy Kepes
    Customer Interaction Technology
    ------------------------------
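
The two things this thread ended up checking, the key's region against the org's region and the key policy statement, can be checked offline before saving the alias. This is an added example, not code from the thread or from Genesys; the sample org id, key ARN, account id and org region are constructed, and the org's AWS region is something you supply yourself.

```python
# Values taken from the policy statement quoted in the thread.
GENESYS_PRINCIPAL = "arn:aws:iam::765628985471:root"
REQUIRED_ACTIONS = {"kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey"}
CONTEXT_KEY = "kms:EncryptionContext:genesys-cloud-organization-id"

# Constructed sample values (assumptions, not from the thread).
SAMPLE_ORG_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_STATEMENT = {
    "Effect": "Allow",
    "Principal": {"AWS": GENESYS_PRINCIPAL},  # string form; a list is also valid
    "Action": sorted(REQUIRED_ACTIONS),
    "Condition": {"StringEquals": {CONTEXT_KEY: SAMPLE_ORG_ID}},
}


def as_list(value):
    """Policy JSON allows a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def key_region(key_arn):
    """Region field of a KMS ARN: arn:partition:kms:region:account:resource."""
    parts = key_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms" or not parts[3]:
        raise ValueError(f"not a KMS key ARN: {key_arn!r}")
    return parts[3]


def check_key_setup(key_arn, org_region, org_id, statement):
    """Return a list of problems; an empty list means these offline checks pass."""
    problems = []
    region = key_region(key_arn)
    if region != org_region:
        problems.append(f"key is in {region}, org is in {org_region}")
    if statement.get("Effect") != "Allow":
        problems.append("statement Effect is not Allow")
    principal = statement.get("Principal")
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    if GENESYS_PRINCIPAL not in as_list(aws):
        problems.append("Genesys principal missing from Principal.AWS")
    missing = REQUIRED_ACTIONS - set(as_list(statement.get("Action")))
    if missing:
        problems.append("missing actions: " + ", ".join(sorted(missing)))
    cond = statement.get("Condition", {}).get("StringEquals", {})
    if org_id not in as_list(cond.get(CONTEXT_KEY)):
        problems.append("encryption-context condition does not name this org id")
    return problems
```

An empty result only means the region and statement look consistent; the save and test buttons in Genesys Cloud remain the real validation.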