Key management

You can manage keys for Amazon Timestream Live Analytics using the AWS Key Management Service (AWS KMS). Timestream Live Analytics requires the use of KMS to encrypt your data. You have the following options for key management, depending on how much control you require over your keys:

Database and table resources

Timestream Live Analytics-managed key: If you do not provide a key, Timestream Live Analytics will create a alias/aws/timestream key using KMS.
Customer managed key: KMS customer managed keys are supported. Choose this option if you require more control over the permissions and lifecycle of your keys, including the ability to have them automatically rotated on an annual basis.

Scheduled query resource

Timestream Live Analytics-owned key: If you do not provide a key, Timestream Live Analytics will use its own a KMS key to encrypt the Query resource, this key is present in timestream account. See AWS owned keys in the KMS developer guide for more details.
Customer managed key: KMS customer managed keys are supported. Choose this option if you require more control over the permissions and lifecycle of your keys, including the ability to have them automatically rotated on an annual basis.

KMS keys in an external key store (XKS) are not supported.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Encryption in transit

Identity and access management