- AWS-provided encryption service
- Helps in controlling data access and managing encryption keys
- Tightly integrated with AWS IAM for validations
- The following AWS services use KMS:
  - EBS to encrypt volumes
  - S3 for server-side encryption of objects
  - Redshift for encryption of data
  - RDS for encryption of data
- Accessible by CLI / SDK
- CloudTrail logs KMS usage
- It decrypts/encrypts up to 4KB of data.
- Policies govern the creation and management of master keys (CMKs). They also list who can use a CMK and how.
- Encrypts a maximum of 4096 bytes.
- Only symmetric encryption is supported; for asymmetric encryption, use CloudHSM.