AWS KMS
Key management service for encryption of data within AWS
AWS Key Management Service (KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt data. KMS integrates with many AWS services to help protect data stored in these services. KMS provides centralized control over the lifecycle of cryptographic keys. It allows you to create, import, rotate, disable, delete, define usage policies for, and audit the use of encryption keys used to protect your data. The primary resource in KMS is a Customer Master Key (CMK). There are three types of CMKs: 1. AWS managed CMKs - created, managed, and used by AWS services 2. Customer managed CMKs - created, managed, and used by customers 3. AWS owned CMKs - collection of CMKs that AWS services own and manage for use in multiple accounts KMS uses Hardware Security Modules (HSMs) that are validated under FIPS 140-2 to protect keys. It's designed so that no one, including AWS employees, can retrieve your plaintext keys. KMS integrates with AWS CloudTrail to log all key usage for auditing, regulatory, and compliance needs. Common use cases include: - Encrypting data at rest in AWS services like S3, RDS, DynamoDB - Envelope encryption, where data is encrypted with a data key, and the data key is encrypted with a master key - Creating secure key hierarchies KMS provides both symmetric and asymmetric key options. With symmetric keys, the same key is used for encryption and decryption. With asymmetric keys, there are separate public and private keys for encryption/verification and decryption/signing operations. Pricing is based on the number of CMKs and API requests made to KMS. KMS helps meet compliance requirements for encrypting data at rest across AWS services.
AWS Key Management Service (KMS) is a managed service that makes it easy to create and control the encryption keys used to encrypt data. KMS integrates with many AWS services to help protect data sto…
Concepts covered: Data Keys, Customer Master Key, Cryptographic Algorithms, Key Management Best Practices, AWS Key Management Service, Key Rotation, Access Control and Auditing, Envelope Encryption, Grant Tokens, AWS KMS Integration
Go Premium
AWS Certified Solutions Architect - Associate Preparation Package (2025)
- 2202 Superior-grade AWS Certified Solutions Architect - Associate practice questions.
- Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
- Unlock Effortless AWS Certified Solutions Architect preparation: 5 full exams.
- 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
- Bonus: If you upgrade now you get upgraded access to all courses
- Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!