You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Data encryption is a fundamental pillar of cloud security. AWS Key Management Service (KMS) provides a centralised, managed service for creating, managing, and controlling encryption keys used to protect your data across AWS services.
AWS KMS is a fully managed service that makes it easy to create and manage cryptographic keys used to encrypt data. KMS integrates with dozens of AWS services — including S3, EBS, RDS, Lambda, and Secrets Manager — so you can encrypt your data with a few clicks or lines of code.
KMS handles the complexity of key management: key creation, rotation, access control, and auditing — all in a secure, FIPS 140-2 validated environment.
A KMS key (formerly called a Customer Master Key or CMK) is the primary resource in KMS. It is a logical representation of a cryptographic key. KMS keys never leave the KMS service unencrypted — you interact with them through API calls.
There are three types of KMS keys:
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.