AWS Key Management Service
E293760
AWS Key Management Service is a managed cloud service that enables users to create, control, and securely use cryptographic keys for protecting data across AWS applications and services.
All labels observed (2)
| Label | Occurrences |
|---|---|
| AWS Key Management Service canonical | 10 |
| AWS KMS | 3 |
Statements (126)
| Predicate | Object |
|---|---|
| instanceOf | AWS service; cloud key management service; cryptographic key management system |
| accessControlledBy | IAM policies; grants; key policies |
| alsoKnownAs | AWS Key Management Service (surface form: AWS KMS) |
| billingModel | pay-as-you-go |
| chargesFor | API requests; key creation; key storage |
| consoleURL | https://console.aws.amazon.com/kms |
| deploymentModel | managed service |
| developedBy | Amazon Web Services |
| documentationURL | https://docs.aws.amazon.com/kms/latest/developerguide/overview.html |
| hasFeature | CloudTrail logging of key usage; FIPS endpoints; HMAC generation and verification; VPC endpoint support; XKS (external key store) integration; aliases; asymmetric encryption and decryption; asymmetric signing; automatic key rotation; cross-account key access; data key caching; data keys; envelope encryption; fine-grained IAM permissions; grants; grants for temporary access; imported key material; key deletion scheduling; key disable and enable operations; key material expiration for imported keys; key origin tracking; key policies; key policy conditions; key rotation; key tags; manual key rotation; multi-Region key replication; multi-Region primary and replica keys; public key export for asymmetric keys; region-specific keys |
| integratesWith | AWS Backup; AWS Certificate Manager; AWS CloudFormation; Cloud HSM (surface form: AWS CloudHSM); AWS CloudTrail; AWS CodeBuild; AWS CodePipeline; AWS Config; AWS DataSync; AWS Direct Connect; AWS Glue; AWS Identity and Access Management; AWS IoT Core; AWS Key Management Service multi-Region keys; AWS Lambda; AWS Organizations; AWS Secrets Manager; AWS Security Hub; AWS Snowball; AWS Step Functions; AWS Storage Gateway; AWS Systems Manager; AWS Transfer Family; AWS WAF; Amazon Aurora; Amazon CloudWatch (surface form: Amazon CloudWatch Logs); Amazon DynamoDB; Amazon EBS; Amazon ECR; Amazon EFS; Amazon EMR; Amazon ECS (surface form: Amazon Elastic Container Service); Amazon Elastic Kubernetes Service; Amazon Elastic Transcoder; Amazon FSx; Amazon GuardDuty; Amazon Kinesis; Amazon MSK; Amazon Macie; Amazon OpenSearch Service; Amazon QuickSight; Amazon RDS; Amazon Redshift; Amazon S3; Amazon SNS; Amazon SQS; Amazon SageMaker; Amazon WorkSpaces |
| offers | data key generation APIs; decryption APIs; digital signature APIs; encryption APIs; message authentication code APIs |
| primaryFunction | control access to cryptographic keys; create cryptographic keys; manage cryptographic keys; perform cryptographic operations; store cryptographic keys |
| providedBy | Amazon Web Services |
| regionScope | regional service |
| securityProperty | integrated auditing via CloudTrail; keys protected by HSMs; never exposes plaintext CMKs outside HSMs |
| supports | AWS managed keys; AWS owned keys; CloudHSM key stores; ECC key pairs; FIPS 140-2 validated HSMs; HMAC keys; RSA key pairs; asymmetric encryption keys; custom key stores; customer managed keys; multi-Region keys; symmetric encryption keys |
| usedFor | centralized key management; data-at-rest encryption; data-in-transit protection with integrated services; digital signatures; regulatory compliance support |
| uses | hardware security modules |
Referenced by (13)
Full triples — surface form annotated when it differs from this entity's canonical label.
this entity surface form:
AWS KMS