Scribd
Upload
629 views8 pages

11.AWS Key Management Service

AWS Key Management Service (KMS) provides centralized control over encryption keys used to protect data. It allows users to create, rotate, disable, define policies for, and audit the use of encryption keys integrated with AWS services like S3, EBS, RDS, Redshift, Elastic Transcoder, and WorkMail. AWS KMS enables developers to easily encrypt data in their applications or within supported AWS services.

Uploaded by

Biplab Parida
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
629 views8 pages

11.AWS Key Management Service

AWS Key Management Service (KMS) provides centralized control over encryption keys used to protect data. It allows users to create, rotate, disable, define policies for, and audit the use of encryption keys integrated with AWS services like S3, EBS, RDS, Redshift, Elastic Transcoder, and WorkMail. AWS KMS enables developers to easily encrypt data in their applications or within supported AWS services.

Uploaded by

Biplab Parida
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

AWS KMS

AWS KEY MANAGEMENT SERVICE


AWS KMS

 AWS Key Management Service gives you centralized


control over the encryption keys used to protect your
data
 You can create, rotate, disable, define usage policies
for, and audit the use of encryption keys used to
encrypt your data
 AWS Key Management Service is integrated with
Amazon S3, Amazon EBS, Amazon RDS, Amazon
Redshift, Amazon Elastic Transcoder and Amazon
WorkMail
AWS KMS

 AWS KMS is integrated with AWS CloudTrail which


provides you the ability to audit who used which
keys, on which resources, and when
 AWS KMS enables developers to easily encrypt data,
whether through 1-click encryption in the AWS
Management Console, or using the AWS SDK to
easily add encryption in their application code
AWS KMS Features

 Create keys with a unique alias and description


 Define which IAM users and roles can manage keys
 Define which IAM users and roles can use keys to encrypt
and decrypt data
 Choose to have AWS KMS automatically rotate your keys
on an annual basis
 Temporarily disable keys so they cannot be used by
anyone
 Re-enable disabled keys
 Audit use of keys by inspecting logs in AWS CloudTrail
How KMS Works

 AWS KMS allows you to centrally manage and securely


store your keys.
 These keys can be used from within your applications
and supported AWS cloud services to protect your data,
but the key never leaves KMS AWS.
 You submit data to AWS KMS to be encrypted, or
decrypted, under keys that you control.
 You set usage policies on these keys that determine
which users can use them to encrypt and decrypt data.
 All requests to use these keys are logged in AWS
CloudTrail so you can understand who used which key
when
AWS KMS

 You can use AWS KMS to help encrypt data locally in


your own applications or have it encrypted within a
supported AWS cloud service
 AWS Services Integrated with KMS
 Amazon Elastic Block Store (EBS)
 Amazon Simple Storage Service (S3)
 Amazon RDS
 Amazon Redshift
 Amazon Elastic Transcoder
 Amazon WorkMail
 Amazon EMR
AWS KMS

 With AWS KMS you can:


 Create, describe, and list keys

 Enable and disable keys

 Set and retrieve key usage policies

 Create, delete, list, and update key aliases


AWS KMS

 With AWS KMS you can also perform the following


cryptographic functions using keys:
 Encrypt, decrypt, and re-encrypt data
 Generate data keys that can be exported from the service in
plaintext or which can be encrypted under a key that doesn't
leave the service
 Generate random numbers suitable for cryptographic
applications

You might also like