- KMS stands for Key Management Service.
- It is a managed service from AWS that makes it easy to create and control the encryption keys that are then used to encrypt data.
- It provides centralized key management.
- It provides integration with other AWS services.
- It works with CloudTrail to provide logs of API calls made to or by KMS.
- It is secure because AWS stores and uses these keys only inside FIPS 140-2 validated hardware security modules (HSMs); key material never leaves them in plaintext.
- It is a low-cost service whose access controls and audit logs help meet regulatory and compliance requirements.
- It allows us to centrally manage and securely store our encryption keys.
- We can set usage policies on these keys (a key policy on every key, plus optional IAM policies and grants) that determine which users and roles can use them to encrypt and decrypt data.
- AWS KMS is a managed service that makes it easy to create and control the keys used for cryptographic operations such as encryption, decryption, signing and verification.
- Automatic key rotation is not supported for asymmetric CMKs (AWS now calls them KMS keys); it is available only for symmetric encryption keys whose key material KMS generated.
- Custom key stores (backed by AWS CloudHSM) support only symmetric encryption keys, so asymmetric keys cannot be created in them. Importing your own key material was originally limited to symmetric keys; AWS has since added support for importing asymmetric and HMAC key material.
- It supports symmetric and asymmetric CMKs; asymmetric keys are RSA or elliptic-curve key pairs used for encryption/decryption or signing/verification, and the private key never leaves KMS.
- It provides symmetric data keys and asymmetric data key pairs that are designed to be used for client-side cryptography outside of KMS (envelope encryption: the CMK protects the data key, and the data key protects the data).
- Its pricing for keys and API requests is unaffected by the use of a custom key store, although the AWS CloudHSM cluster behind the store is billed separately.
- Its FIPS 140-2 validated HTTPS endpoints are powered by the OpenSSL FIPS Object Module.
- Symmetric data keys are obtained with either the 'GenerateDataKey' API, which returns the data key both in plaintext and encrypted under the CMK, or the 'GenerateDataKeyWithoutPlaintext' API, which returns only the encrypted copy for components that must store a key without ever seeing it. Neither call exports the CMK itself.
- To integrate signing and encryption into their applications, users call the AWS KMS APIs directly or through the AWS SDKs.
- It is integrated with AWS CloudTrail, which logs every API call made with a key (who used it, when, and for which operation) to help meet regulatory and compliance needs.
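The data-key bullets above describe envelope encryption; the following Go program is an added example, not code from the original post or from AWS. The DataKeyService interface mirrors the GenerateDataKey, GenerateDataKeyWithoutPlaintext and Decrypt operations of the KMS API, but fakeKMS, the key ID alias/app-data, the blob layout and the envelope layout are all constructed here so the example runs offline; in production you would implement the interface with a thin adapter over the AWS SDK client. It shows that the CMK never leaves the service (only data keys do), that the plaintext data key is used locally for AES-256-GCM while the wrapped copy travels with the ciphertext, that the consumer needs only Decrypt, and that GenerateDataKeyWithoutPlaintext hands a producer a key it can store but cannot read.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// DataKeyService is the slice of the KMS API that envelope encryption needs. In production an
// adapter over the AWS SDK client implements it; here the constructed fakeKMS below does.
type DataKeyService interface {
	GenerateDataKey(keyID string) (plaintext, ciphertextBlob []byte, err error)
	GenerateDataKeyWithoutPlaintext(keyID string) (ciphertextBlob []byte, err error)
	Decrypt(ciphertextBlob []byte) (plaintext []byte, err error)
}

// fakeKMS holds one CMK in memory; the master key never leaves it, which is the property the
// real service enforces with HSMs. Blob layout (invented): nonce || AES-GCM(master, dataKey, AAD=keyID).
type fakeKMS struct {
	keyID  string
	master cipher.AEAD
}

func newFakeKMS(keyID string) *fakeKMS {
	gcm, _ := newGCM(randBytes(32)) // cannot fail for a fresh 32-byte key
	return &fakeKMS{keyID: keyID, master: gcm}
}

func (f *fakeKMS) GenerateDataKey(keyID string) ([]byte, []byte, error) {
	if keyID != f.keyID {
		return nil, nil, fmt.Errorf("NotFoundException: %q", keyID)
	}
	dataKey, nonce := randBytes(32), randBytes(f.master.NonceSize())
	return dataKey, f.master.Seal(nonce, nonce, dataKey, []byte(f.keyID)), nil
}

// Only the wrapped copy leaves the service; a caller must Decrypt it before it can be used.
func (f *fakeKMS) GenerateDataKeyWithoutPlaintext(keyID string) ([]byte, error) {
	_, blob, err := f.GenerateDataKey(keyID)
	return blob, err
}

func (f *fakeKMS) Decrypt(blob []byte) ([]byte, error) {
	if ns := f.master.NonceSize(); len(blob) >= ns {
		return f.master.Open(nil, blob[:ns], blob[ns:], []byte(f.keyID))
	}
	return nil, fmt.Errorf("InvalidCiphertextException")
}

// Seal is the producer side: one KMS call for a data key, then local AES-256-GCM over the payload.
// Envelope layout (invented): 4-byte length || wrapped data key || nonce || ciphertext.
func Seal(svc DataKeyService, keyID string, plaintext []byte) ([]byte, error) {
	dataKey, wrapped, err := svc.GenerateDataKey(keyID)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey) // the plaintext data key is used here and then dropped
	if err != nil {
		return nil, err
	}
	nonce := randBytes(gcm.NonceSize())
	env := make([]byte, 4)
	binary.BigEndian.PutUint32(env, uint32(len(wrapped)))
	env = append(env, wrapped...)
	// The wrapped key is bound as AAD, so swapping in a different wrapped key fails the tag.
	return gcm.Seal(append(env, nonce...), nonce, plaintext, wrapped), nil
}

// Open is the consumer side: its only KMS call is Decrypt on the wrapped key carried in the envelope.
func Open(svc DataKeyService, env []byte) ([]byte, error) {
	if len(env) < 4 || len(env)-4 < int(binary.BigEndian.Uint32(env)) {
		return nil, fmt.Errorf("malformed envelope")
	}
	n := 4 + int(binary.BigEndian.Uint32(env))
	dataKey, err := svc.Decrypt(env[4:n])
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil || len(env)-n < gcm.NonceSize() {
		return nil, fmt.Errorf("malformed envelope")
	}
	nonce, ct := env[n:n+gcm.NonceSize()], env[n+gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, env[4:n])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
```

Seal and Open are plain functions; a caller does `env, err := Seal(svc, "alias/app-data", data)` and later `data, err := Open(svc, env)`, and any tampering with the wrapped key, the nonce or the ciphertext makes Open return an error rather than plaintext.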