我尝试按照本教程:https://aws.amazon.com/blogs/security/how-to-protect-data-at-rest-with-amazon-ec2-instance-store-encryption/生成加密我的EC2实例的密钥。但是,我完全坚持这一行:
aws --region us-east-one kms encrypt --key-id 'alias/EncFSForEC2InternalStorageKey' --plaintext "ThisIs-a-SecretPassword" --query CiphertextBlob --output text | base64 --decode > LuksInternalStorageKey
我收到错误:
An error occurred (NotFoundException) when calling the Encrypt
operation: Alias
arn:aws:kms:us-east-1:784754406091:alias/EncFSForEC2InternalStorageKey
is not found.
但我对上述命令的理解是,如果它已经存在,它会创建别名吗?