Amazon KMS

From Cramsession

Revision as of 23:12, 29 May 2025 by Mflavell (talk | contribs) (→‎Customer Master Keys)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

✍️ Verified Author: Mflavell • Click to view professional profile & credentials

Study Guides > AWS Cybersecurity Notes > Amazon KMS

Overview

Data encryption is the most critical aspect.

Must know KMS and the API calls used in the service

Customer Master Keys

Contain key material for encryption and decryption.

CMKs are managed in KMS

KMS provides a way to store and manage keys.

They are used to manage encryption keys for data.

KMS protects the CMKs

CMKs integrate with AWS services.

They can also be used outside of AWS.

Two different types of CMK exist:

Customer managed.

AWS managed.

CMKs support envelope encryption.

A data key is generated for the data.

The data key is encrypted with the CMK.

Key usage is logged in CloudTrail and CloudWatch

AWS Managed CMKs

Owned and used by AWS services

Independent from the customer account.

Retrieved from "https://cramsession.net/index.php?title=Amazon_KMS&oldid=1027"

Navigation menu