Key Management Service (KMS)

• Data protection service
• Create and control (manages) keys used to encrypt the data
• Fully managed
• Fully integrated with IAM for authorization
• Able to audit KMS Key usage using CloudTrail
• Seamlessly integrated into most AWS service (EBS, S3, ...)
• Keys
  • AWS-owned keys
  • AWS-managed keys
  • Customer-managed keys
• Key Types
  • Symmetric (AES-256 keys)
  • Asymmetric (RSA & ECC key pairs)