The Fundamentals of the AWS Key Management Service (KMS)


This lesson introduces the AWS Key Management Service, commonly referred to as KMS. It explains how the service uses cryptography to protect data stored in AWS.

Learning Objectives

By the end of this lesson, you will have a greater understanding of the following:

  • The basics of encryption.
  • What the AWS KMS service has been designed to help you with.
  • The different core components and features of KMS, including:
    • AWS KMS Keys
    • Customer keys, AWS Managed Keys, and AWS Owned keys
    • HMAC Keys
    • Data Keys
    • Data Key Pairs
    • Key Material
    • Key Rotation
    • Key Policies
    • Grants

Intended Audience

This lesson has been created for those who have the responsibility to enforce data security measures within AWS, to ensure that the appropriate controls are in place to effectively protect both company and customer data from being accessed by unauthorized parties.


As a prerequisite, you should have a basic understanding of AWS storage services such as Amazon S3.

About the Author
Learning paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 250+ courses relating to cloud computing reaching over 1 million+ students.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.

Covered Topics