AWS Security Blog

Tag: KMS

How to BYOK (bring your own key) to AWS KMS for less than $15.00 a year using AWS CloudHSM

Note: BYOK is helpful for certain use cases, but I recommend that you familiarize yourself with KMS best practices before you adopt this approach. You can review best practices in the AWS Key Management Services Best Practices (.pdf) whitepaper. May 14, 2019: We’ve updated a sentence to clarify that this solution does not include instructions […]

Read More

AWS Key Management Service now offers FIPS 140-2 validated cryptographic modules enabling easier adoption of the service for regulated workloads

AWS Key Management Service (KMS) now uses FIPS 140-2 validated hardware security modules (HSM) and supports FIPS 140-2 validated endpoints, which provide independent assurances about the confidentiality and integrity of your keys. Having additional third-party assurances about the keys you manage in AWS KMS can make it easier to use the service for regulated workloads. […]

Read More

New! Import Your Own Keys into AWS Key Management Service

Today, we are happy to announce the launch of the new import key feature that enables you to import keys from your own key management infrastructure (KMI) into AWS Key Management Service (KMS). After you have exported keys from your existing systems and imported them into KMS, you can use them in all KMS-integrated AWS […]

Read More

What’s New in AWS Key Management Service: AWS CloudFormation Support and Integration with More AWS Services

We’re happy to make two announcements about what’s new in AWS Key Management Service (KMS). First, AWS CloudFormation has added a template for KMS that lets you quickly create KMS customer master keys (CMK) and set their properties. Starting today, you can use the AWS::KMS::Key resource to create a CMK in KMS. To get started, […]

Read More

AWS Key Management Service Now Supports Deletion of Encryption Keys

Today, AWS launched a new feature that lets you delete your encryption keys managed in AWS Key Management Service (KMS). You can now manage the complete lifecycle of your keys from creation to usage to disablement to deletion. In this blog post, I will explain the changes introduced with this new feature, tell you what […]

Read More

Amazon Redshift and Amazon RDS Now Support Encryption via AWS Key Management Service in the AWS GovCloud (US) Region

Today, Amazon Redshift and Amazon RDS for MySQL, PostgreSQL, Oracle, and SQL Server DB released support for encryption using AWS Key Management Service (KMS) in the AWS GovCloud (US) region. Using keys under your control, you can now encrypt RDS instances, including MySQL, PostgreSQL, Oracle, and SQL Server DB instance types, and Amazon Redshift clusters in AWS GovCloud […]

Read More

AWS Key Management Service Now Available in the AWS GovCloud (US) Region

AWS Key Management Service (KMS) is now available in the AWS GovCloud (US) region. You can now encrypt data in your own applications and within the following AWS services in GovCloud by using keys under your control: Amazon Elastic Block Store volumes Amazon S3 objects using Server Side Encryption (SSE-KMS) and client-side encryption using the […]

Read More

Share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create, control, rotate, and use your encryption keys in your applications. KMS allows you to create custom keys that other AWS Identity and Access Management (IAM) users and roles in your AWS account can use. You can also enable […]

Read More