Encryption at rest

Amazon Kendra encrypts your data at rest with your choice of an encryption key. You can choose one of the following:

An AWS-owned AWS KMS key. If you don't specify an encryption key your data is encrypted with this key by default.
An AWS-managed KMS key in your account. This key is created, managed, and used on your behalf by Amazon Kendra. The key name is aws/kendra.
A customer-managed key. You can provide the ARN of an encryption key that you created in your account. When you use a customer-managed KMS key, you must give the key a key policy that allows Amazon Kendra to use the key. Select a symmetric encryption customer-managed KMS key, Amazon Kendra does not support asymmetric KMS keys. For more information, see Key management.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Data protection

Encryption in transit