Study Guides > AWS Cybersecurity Notes > Amazon KMS

Overview

• Data encryption is the most critical aspect.

• Must know KMS and the API calls used in the service

Customer Master Keys

• Contain key material for encryption and decryption.

• CMKs are managed in KMS

• KMS provides a way to store and manage keys.

• They are used to manage encryption keys for data.

• KMS protects the CMKs

• CMKs integrate with AWS services.

• They can also be used outside of AWS.

• Two different types of CMK exist:

• Customer managed.

• AWS managed.

• CMKs support envelope encryption.

• A data key is generated for the data.

• The data key is encrypted with the CMK.

• Key usage is logged in CloudTrail and CloudWatch