AWS Security Blog
Category: AWS Key Management Service
Manage your AWS KMS API request rates using Service Quotas and Amazon CloudWatch
AWS Key Management Service (KMS) publishes API usage metrics to Amazon CloudWatch and Service Quotas allowing you to both monitor and manage your AWS KMS API request rate quotas. This functionality helps you understand trends in your usage of AWS KMS and can help prevent API request throttling as you grow your use of AWS […]
How to improve LDAP security in AWS Directory Service with client-side LDAPS
You can now better protect your organization’s identity data by encrypting Lightweight Directory Access Protocol (LDAP) communications between AWS Directory Service products (AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector) and self-managed Active Directory. Client-side secure LDAP (LDAPS) support enables applications that integrate with AWS Directory […]
How to use KMS and IAM to enable independent security controls for encrypted data in S3
August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. Typically, when you protect data in Amazon Simple Storage Service (Amazon S3), you use a combination […]
Digital signing with the new asymmetric keys feature of AWS KMS
October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. AWS Key Management Service (AWS KMS) now supports asymmetric keys. You can create, manage, and […]
Post-quantum TLS now supported in AWS KMS
January 30, 2024: The API in this blog post has been changed in newer version of the AWS CRT Client. See this page for more info. January 25, 2023: AWS KMS, ACM, Secrets Manager TLS endpoints have been updated to only support NIST’s Round 3 picked KEM, Kyber. s2n-tls and s2n-quic have also been updated […]
How to deploy CloudHSM to securely share your keys with your SaaS provider
August 31, 2021:AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. August 6, 2019: We’ve made an update to clarify use cases for VPC peering. If your […]
How to decrypt ciphertexts in multiple regions with the AWS Encryption SDK in C
November 1, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. You’ve told us that you want to encrypt data once with AWS Key Management Service […]
AWS re:Invent Security Recap: Launches, Enhancements, and Takeaways
For more from Steve, follow him on Twitter Customers continue to tell me that our AWS re:Invent conference is a winner. It’s a place where they can learn, meet their peers, and rediscover the art of the possible. Of course, there is always an air of anticipation around what new AWS service releases will be […]
Are KMS custom key stores right for you?
October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. You can use the AWS Key Management Service (KMS) custom key store feature to gain […]
Podcast: How AWS KMS could help customers meet encryption and deletion requirements, including GDPR
Encryption is a powerful tool to protect your data but it can be difficult to get right because it demands understanding how encryption keys are created, distributed, used, and managed. To make encryption easier to use, we created AWS Key Management Service (KMS) to let you scale your use of the cloud without struggling to […]