What is AWS Key Management Service (KMS)?
What can you do?
Using AWS KMS
Encrypting EBS data
EBS data can be encrypted using AWS KMS.
When creating an Amazon EBS volume, specify the AWS KMS Customer Master Key (CMK). By default, Amazon EBS uses the AWS-managed CMK for Amazon EBS assigned to the user's account. However, you can specify a customer-managed CMK.
Amazon EBS generates a unique data key for each volume using the specified CMK. Then, when the volume is connected to an Amazon EC2 instance, Amazon EBS uses the data key to encrypt all disk I/O to the volume.
The AWS Key Management Service (KMS) makes it easy to create and manage encryption keys.
This service allows users to easily create and manage keys used for data encryption and digital signatures.
This is used for data encryption, such as S3.
However, KMS alone cannot guarantee the implementation of industry-standard encryption support.
What is an encryption key anyway?
Encryption keys are used to access services such as EC2 and S3.