AWS KMS internal operations

AWS Key Management Service (AWS KMS) provides cryptographic keys and operations secured by FIPS 140-3 Security Level 3 validated hardware security modules (HSM) scaled for the cloud. AWS KMS keys and functionality are used by multiple AWS cloud services, and you can use them to protect data in your applications. This technical guide provides details on the cryptographic operations that are run within AWS when you use AWS KMS.

AWS KMS internals are required to scale and secure HSMs for a globally distributed key management service.

Topics

Domains and domain state
Internal communication security
Replication process for multi-Region keys
Durability protection

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Permissions reference

Domains and domain state