Amazon KMS

From Cramsession
Revision as of 23:09, 29 May 2025 by Mflavell (talk | contribs) (Created page with "Study Guides > AWS Cybersecurity Notes > Amazon KMS = Overview = * Data encryption is the most critical aspect. * Must know KMS and the API calls used in the service == Customer Master Keys == * Contain key material for encryption and decryption. * CMKs are managed in KMS :* KMS provides a way to store and manage keys. * They are used to manage encryption keys for data. * KMS protects the CMKs * CMKs integrate with AWS services. :* They can also be...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials

Study Guides > AWS Cybersecurity Notes > Amazon KMS

Overview

  • Data encryption is the most critical aspect.
  • Must know KMS and the API calls used in the service


Customer Master Keys

  • Contain key material for encryption and decryption.
  • CMKs are managed in KMS
  • KMS provides a way to store and manage keys.


  • They are used to manage encryption keys for data.
  • KMS protects the CMKs
  • CMKs integrate with AWS services.
  • They can also be used outside of AWS.


  • Two different types of CMK exist:
  • Customer managed.
  • AWS managed.


  • CMKs support envelope encryption.
  • A data key is generated for the data.
  • The data key is encrypted with the CMK.


  • Key usage is logged in CloudTrail and CloudWatch
Retrieved from "https://cramsession.net/index.php?title=Amazon_KMS&oldid=1023"