[AWS] Key Management Service (KMS)

Key Management Service (KMS) is a regional secure key management service (FIPS 140-2 level 2 validated) that provides encryption and decryption. KMS is integrated with most of other AWS services.

  • KMS is a regional service, not a global one.
  • KMS is NOT an ideal place to save database passwords and API keys. They are stored in Systems Manager Parameter Store.
  • You are charged per API call.
  • KMS has the audit capability using CloudTrail to provide encryption key usage logs, which are saved in S3.
Continue reading “[AWS] Key Management Service (KMS)”