AWS Payment Cryptography announces support for cross-account key sharing
AWS Payment Cryptography now supports cross-account sharing of keys using resource-based policies (RBP). With this new feature, customers can more easily manage cryptographic keys across multiple accounts, both internal and external to their company, providing more flexibility to manage keys at scale. With AWS Payment Cryptography, you can simplify cryptography operations in your cloud-hosted payment applications with a service that grows elastically with your business and has been assessed as compliant with PCI PIN Security and Point-to-Point Encryption (P2PE) requirements.
Many customers use multiple AWS accounts to separate different workloads, applications or use cases for payment processing, following AWS PCI DSS Guidance. This pattern is also common with traditional infrastructure, but it often leads to duplicated cryptographic material, which makes lineage and access controls more difficult overall. With the launch of Payment Cryptography integration with RBP, customers can keep a single copy of key material and use concise, per-resource access control to enable cross-account access without relying on import/export flows.
This feature is available across all AWS Regions where AWS Payment Cryptography is available. To learn more about this feature or to get started with the service, consult the AWS Payment Cryptography user guide.