aws cloudfront create-public-key
--public-key-config CallerReference="0123456789012",Name="public-key",EncodedKey="-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----",Comment="Field-level encryption public key."
Modify the returned configuration in a new JSON file by setting PublicKeyID as your public ID key. Configure any other options you require and save the file.
public-key-id.json
{"PublicKey":{..."Id":"PUBKEYID000000",...}}
Run create-field-level-encryption-profile using the path of the configuration file saved in step 3.
Modify the returned configuration in a new JSON file by setting ProfileID as your profile ID. Configure any other options you require and save the file.
Modify the returned configuration in a new JSON file by setting FieldLevelEncryptionID as your field level encryption ID. Configure any other options you require and save the file.
Note: Viewer Protocol Policy and Origin Protocol Policy must both be set to HTTPS.