Edit me

Configuring KMS Key Permissions for nOps Essentials

In this guide, we will walk you through the process of configuring KMS Key permissions for nOps Essentials. This feature allows nOps users to add KMS key permissions to their Lambda functions, enabling automated management of EC2 instances with encrypted EBS volumes. Particularly, this is required for two nOps Essentials features. First is the Scheduler, which lets you configure a start and stop time for your EC2, the other feature is the Rightsizing, which lets you optimize the size of your EC2.


Before you begin, ensure that the nOps Essentials stack is configured. This stack sets up the necessary Lambda functions for automations needed for all Essential features.

Step-by-Step Guide

  1. Accessing the Configuration Feature

    • Click on the menu icon in the top-right corner of the nOps dashboard.

    • Navigate to Organization Settings and select Integrations.

    • From the Integrations menu, choose EventBridge.

  2. Reviewing EventBridge Status

    • In the EventBridge list, identify the status of your configurations.

    • Yellow indicates “Update needed,” red indicates “Not connected,” and green indicates “Connected.”

    • Ensure your EventBridge status is green to proceed with KMS Key configuration.

  3. Choosing KMS Key Permissions

    • Click the Add KMS Keys button next to a connected EventBridge configuration.

    • A popup will appear with two options: Use all KMS Keys or Single KMS Key.

    • Select the appropriate option for your needs.

  4. Entering Single KMS Key (if applicable)

    • If you select Single KMS Key, enter the KMS Key ARN from your AWS KMS console for the Key you would like to add.

    • Click Launch Stack to proceed.

  5. Launching the CloudFormation Stack

    • After selecting your KMS Key options and clicking Launch Stack, you will be redirected to the AWS CloudFormation page.

    • Review the stack details and options.

    • Follow the on-screen prompts to launch the stack.

  6. Finalizing the Stack Launch

    • Once the stack is successfully launched, the necessary permissions will be added to your Lambda execution role.

    • This setup will enable you to automate the management of EC2 instances with encrypted EBS volumes using nOps.

How it Works

Once you choose the respective option for Single or All KMS Keys, a unique CloudFormation Launch Stack URL is prepared with the appropriate execution role for your Lambda function. Redirecting to the AWS CloudFormation page allows you to review the configuration options and proceed with the stack launch. Upon successful completion, the permissions required to manage EC2 instances with encrypted volumes are granted to your Lambda function. Our stacks are fully open source and can be reviewed here and here. Both these stacks used for one key or all keys respectively applies following permissions to the Lambda hosted in your environment.



This configuration provides flexibility, allowing users to grant their Lambda functions access to either all KMS keys or specific KMS keys as needed. This ensures secure and efficient automation of EC2 instance management with encrypted EBS volumes.


Configuring KMS Key permissions in nOps is a straightforward process that significantly enhances the automation capabilities of your AWS infrastructure. By following this guide, you can ensure your Lambda functions have the necessary permissions to perform critical automation tasks securely.

Datadog Agent in ASG for Enhanced Rightsizing
DataDog Agent Configuration On your Linux based ASG
Maximizing Cost Efficiency with nOps Essentials Idle Instance Feature
Cloudwatch Agent Configuration On your Linux based EC2
Idle EBS Volume Cleanup
EC2 and ASG Rightsizing with nOps with DataDog integration
Introduction to nOps Essentials
Essentials Stack
Essentials for Storage
Essentials Summary Page
IAM permissions for Essentials
nOps Scheduler with Terraform
Back to top       Home