Amazon Key Management Service (AWS KMS) is a managed service that allows users to easily generate and maintain cryptographic keys for securing their data. The service ensures that keys are protected and verified by hardware security modules (HSMs) according to the FIPS 140-2 Cryptographic Module Validation Program, except in the China regions, where OSCCA-certified HSMs are used instead.
What is Amazon Key Management Service?
Amazon Key Management Service (AWS KMS) is a managed service that allows you to generate, maintain, and control cryptographic keys to secure your data. With AWS KMS, you can easily manage your keys and their usage across your applications.
How does AWS KMS secure your data?
AWS KMS uses hardware security modules (HSMs) to protect and verify your cryptographic keys. The HSMs in use are compliant with the FIPS 140-2 Cryptographic Module Validation Program. This validation ensures that AWS KMS meets the security standard for cryptographic modules set by the U.S. federal government. The keys generated by AWS KMS are stored and used within the secure environment of the AWS KMS infrastructure.
Is AWS KMS available in all regions?
No. Amazon KMS is available in all regions except for the China (Beijing) and China (Ningxia) regions. In these regions, Amazon KMS protects KMS keys using OSCCA-certified HSMs.
What is the OSCCA?
The Office of the State Commercial Cryptography Administration (OSCCA) is China’s top regulatory agency for commercial cryptographic products. The OSCCA regulates the use of cryptography within China, and the OSCCA certification ensures that HSMs are compliant with Chinese regulations.
The resolution
With AWS KMS, you can easily generate, control, and maintain the cryptographic keys needed to secure your data. The service is available in most regions across the globe, ensuring that customers worldwide can benefit from secure key management. In regions where FIPS 140-2 Cryptographic Module Validation is not supported, such as China (Beijing) and China (Ningxia), AWS KMS protects your KMS keys using OSCCA-certified HSMs.