What is AWS Cloud? AWS Global Infrastructure AWS Shared Responsibility Model AWS Well-Architected Framework AWS Compute Services Overview Amazon EC2 Fundamentals AWS Storage Services Amazon S3 Object Storage AWS Networking VPC Fundamentals AWS IAM Identity Access Management AWS Pricing and Billing Amazon RDS Managed Database Amazon VPC Peering and Endpoints Elastic Load Balancing ELB Amazon CloudWatch Monitoring AWS Auto Scaling Amazon Route 53 DNS AWS CloudFormation Infrastructure AWS Lambda Serverless Amazon DynamoDB NoSQL Amazon ElastiCache Redis Memcached AWS CloudFront CDN Amazon SQS SNS Messaging AWS Organizations SCPs AWS Config Compliance AWS Systems Manager Amazon GuardDuty Threat Detection AWS Shield DDoS Protection AWS Key Management Service KMS AWS Support Plans SLA

Back to Lessons

AWS Key Management Service KMS

April 5, 2026

Key Management Service

Create/manage cryptographic keys for AWS services.

KMS Key Types

Customer Managed Keys (CMK):
- Full control over rotation/deletion
- $1/key/month + $0.03/10K reqs

AWS Managed Keys (free):
- Automatic rotation
- Limited control

Imported Keys:
- Bring your own key material

Key Policies:
- Granular access control
- Cross-account access
- External AWS accounts

Integration

S3, EBS, RDS, Lambda encryption
CloudTrail key usage logs
Key rotation (annual auto)
Multi-region keys

Previous Lesson Next Lesson