How AWS services use AWS KMS

Many AWS services use AWS KMS to support encryption of your data. When an AWS service is integrated with AWS KMS, you can use the AWS KMS keys in your account to protect the data that the service receives, stores, or manages for you. For the complete list of AWS services integrated with AWS KMS, see AWS Service Integration.

The following topics discuss in detail how particular services use AWS KMS, including the KMS keys they support, how they manage data keys, the permissions they require, and how to track each service's use of the KMS keys in your account.

Important

AWS services that are integrated with AWS KMS use only symmetric encryption KMS keys to encrypt your data. These services do not support encryption with asymmetric KMS keys. For help determining whether a KMS key is symmetric or asymmetric, see Identifying asymmetric KMS keys.

Topics

• AWS CloudTrail
• Amazon DynamoDB
• Amazon Elastic Block Store (Amazon EBS)
• Amazon Elastic Transcoder
• Amazon EMR
• AWS Nitro Enclaves
• Amazon Redshift
• Amazon Relational Database Service (Amazon RDS)
• AWS Secrets Manager
• Amazon Simple Email Service (Amazon SES)
• Amazon Simple Storage Service (Amazon S3)
• AWS Systems Manager Parameter Store
• Amazon WorkMail
• WorkSpaces