KMS - Coggle Diagram
KMS
Key types
Key
Symmetric (AES-256 keys)
Can never get access to the KMS key unencrypted (must use API to call)
Used by AWS services integrated with KMS
Single encryption
Asymmetric (RSA & ECC key pairs)
Public and private key pairs
Used for Encrypt/Decrypt or Sign/Verify operations
Public key is downloadable but cannot get the Private key unencrypted
Use Case: encryption outside of AWS by users who can't call KMS API
Type
AWS managed key (free)
Customer Managed Key (CMK): $1/month
Customer Managed Key imported (must be symmetric key)
Automatic key rotation
AWS managed key: automatic, every 1 year
CMK: must be enabled
Imported CMK: manual rotation possible using an alias
API call price: $0.03 / 10k calls
Multi-region key
AWS manages encryption keys
Can be integrated into most AWS services