Key management

Amazon Q Business encrypts the contents of your index using the following types of keys:

An AWS-owned AWS KMS. This is the default.
A customer-managed KMS key. You can create the key when you are creating an Amazon Q application, retriever, index, web experience, data source, or plugins, or you can create the key using the AWS KMS console. Select a symmetric encryption customer-managed KMS key.

Important
Amazon Q does not support asymmetric KMS keys. For more information, see Using Symmetric and Asymmetric Keys in the AWS Key Management Service Developer Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Data encryption for Amazon Q Apps

Service improvement