AWS Key Management
AWS Key Management Service (KMS) allows you to create, manage, and control the cryptographic keys that are used to protect your data.
What You Can Do With KMS
Using this tool, your organization has more control and access over the data you choose to encrypt and protect. Because these functionalities are integrated into the services themselves, taking advantage of them is easy.
- Generate or modify KMS keys
- Implement role-based access control
- Automate the key lifecycle
- Implement automatic rotation
- Disable or delete keys at the end of their life cycles
You can additionally perform cryptographic functions with your KMS keys. Sign and verify messages and generate random numbers for cryptographic use right from the service.
The Features of AWS Key Management
Hardware Security Modules
Amazon’s implementation of KMS uses hardware security modules (HSMs), physical computing devices used to handle keys and digital signatures through encryption and decryption. The HSMs operate under the FIPS 140-2 standard to ensure independently tested reliability in the field.
AWS CloudTrail
CloudTrail is another service offered by Amazon that records all your account activity for storage and analysis. It’s primarily used as a method to gain compliance with regulations like HIPAA for personal health information and PCI for card payments.
To help with your auditing and regulatory needs, Amazon Web Services’s Key Management Service works directly with CloudTrail to provide that same level of awareness and control.
Integration with Other Amazon Services
Encrypting your data no matter where you’re using it within the Amazon ecosystem is the goal of AWS key management. There are dozens of services offered by Amazon with official support for this key management service. Among them are:
- Alexa For Business
- Amazon Connect
- Amazon Location Service
- Amazon WorkMail
- AWS Audit Manager
- AWS Backup
- AWS Certificate Manager
- AWS Database Migration Service
Key Management with Akeyless
Protect and automate access to secrets like credentials, keys, tokens, and API-Keys across your DevOps tools and Cloud platforms using a secured vault. Learn more about Akeyless Vault for Secrets Management.