AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
AWS Key Management Service provides you with centralized control of your encryption keys. KMS presents a single view into all of the key usage in your organization. You can easily create, import, and rotate keys as well as define usage policies and audit usage from the AWS Management Console or by using the AWS SDK or CLI.
AWS Key Management Service makes it easy to manage encryption keys used to encrypt data stored by your applications regardless of where you store it. KMS provides an SDK for programmatic integration of encryption and key management into your applications.