KMS
Encrypt data in AWS (EBS, S3, Redshift, RDS, SSM Parameter Store)
- Symmetric keys - used by AWS - used for envelope encryption
- Asymmetric keys (new) - public + private key - outside of AWS
Key types
- Customer managed key - managed by client, CloudTrail audit
- AWS managed key - used by AWS services - auto-rotated every 1 year, CloudTrail audit
- AWS owned keys - created by AWS - can't audit

🔑 Multi-Region keys have the same ID but are not global (1 master + replicas); any key can be promoted to be the master key.