Key Management Service (KMS)
- Data protection service
- Creates and controls (manages) the keys used to encrypt data
- Fully managed
- Fully integrated with IAM for authorization
- Able to audit KMS key usage using CloudTrail
- Seamlessly integrated into most AWS services (EBS, S3, ...)
- Keys
  - AWS-owned keys
  - AWS-managed keys
  - Customer-managed keys
- Key Types
  - Symmetric (AES-256 keys)
  - Asymmetric (RSA & ECC key pairs)