• AWS-provided encryption service
  • Helps in controlling data access and managing encryption keys
  • Tightly integrated with AWS IAM for validations
  • The following AWS services use KMS:
    • EBS to encrypt volumes
    • S3 for server-side encryption of objects
    • Redshift for encryption of data
    • RDS for encryption of data
  • Accessible by CLI / SDK
  • CloudTrail logs KMS usage
  • It decrypts/encrypts up to 4KB of data.
  • Policies control the creation and management of master keys (CMKs). They also list who can use a CMK and how.
  • Encrypts a maximum of 4096 bytes.
  • Only symmetric encryption is supported; for asymmetric encryption, use CloudHSM.