How AWS Services use AWS KMS
Many AWS services use AWS KMS to support encryption of your data. When an AWS service is integrated with AWS KMS, you can use the customer master keys (CMKs) in your account to protect the data that the service receives, stores, or manages for you. For the complete list of AWS services that are integrated with AWS KMS, see AWS Service Integration.
The following topics discuss in detail how particular services use AWS KMS, including the CMKs they support, how they manage data keys, the permissions they require, and how to track each service's use of the CMKs in your account.
The first topic explains envelope encryption and the methods that many integrated services use to encrypt and decrypt your data transparently.
Topics
- How Envelope Encryption Works with Supported AWS Services
- AWS CloudTrail
- Amazon Elastic Block Store (Amazon EBS)
- Amazon Elastic Transcoder
- Amazon EMR
- Amazon Redshift
- Amazon Relational Database Service (Amazon RDS)
- Amazon Simple Email Service (Amazon SES)
- Amazon Simple Storage Service (Amazon S3)
- AWS Systems Manager Parameter Store
- Amazon WorkMail
- Amazon WorkSpaces
