Articles → AWS → Key Management Service In AWS Console

Key Management Service In AWS Console

In this article, we will discuss Key Management Service in AWS console.

Purpose

The Key Management Service is used to generate the encryption key.

Symmetric And Asymmetric Keys

Symmetric keys are those that uses the same key for encryption and decryption. Asymmetric keys use different keys i.e., one for encryption and other for decryption.

AWS Managed And Customer Managed Keys

As the name suggests, AWS keys are predefined keys provided by AWS for encryption. Whereas the customer managed keys are created by the user.

AWS Managed Keys Vs AWS Owned Keys

In AWS managed keys

AWS controls the lifecycle and key policies of AWS managed keys.
AWS managed keys are resources in customer AWS accounts.
Customers can view CloudTrail events and can access policies and for AWS managed keys.
All requests that are made against these keys are logged as CloudTrail events.

In AWS owned keys

Keys are exclusively used by AWS for internal encryption operations across different AWS services.
Customers do not have visibility into key policies of the AWS owned keys.
Requests to these keys are not logged in the CloudTrail events.

How To Create A Key?

To create a key, search the word "KMS" in the search box.

Picture showing the Key Management Service in the search box

Click to Enlarge

In the key management service screen, you can see the menu for AWS managed and customer managed keys.

Picture showing the types of key management service that AWS supports

Click to Enlarge

To create a new key, click on the "Create a key" button on the right-hand side.

Picture showing the create a key button for creating the new key in AWS

Click to Enlarge

A screen appears to select the "Key type". Click on the "Next" button.

Picture showing the section of screen for selecting the key type

Click to Enlarge

In the next screen, enter the key name and other details. Click on the "Next" for the next step.

Picture showing a screen for adding the key name and other details

Click to Enlarge

In the next screen, specify the key administrative permissions. Click on the "Next" button to continue.

Picture showing a screen to select the administrative permissions

Click to Enlarge

In the next screen, specify the usage permissions. Click on the "Next" button.

Picture showing a screen to select the usage permissions

Click to Enlarge

Finally, a screen appears where you can review the keys. Click on the "Finish" button to complete the key creation.

Picture showing a review screen before the creation of key

Click to Enlarge

Posted By -	Karan Gupta

Posted On -	Tuesday, September 21, 2021

Updated On -	Friday, December 31, 2021

Query/Feedback

Your Email Id

Subject

Query/Feedback	Characters remaining 250