Customer Master Keys(CMK)

This is the main key type within KMS

There are 2 types of CMKs:

AWS managed CMKs

Customer managed CMKs

AWS services can also be configured to use your own customer CMKs

Any CMKs created within KMS are protected by FIPS 140.2 validated cryptographic modules

Data Encryption Keys(DEK)

Data keys are used to encrypt your data of any size

Key Policies

The key policies allow you to define who can use and access a key in KMS


Grants are another method of controlling access and use of the CMKs held within KMS

Nadtakan Futhoem — Sr. Software Engineer

Founder of & Serverless Cloud developer. Follow me on Twitter