KMS Flashcards
This deck aims to help retain concepts related to the AWS KMS service.
Does KMS support only asymmetric encryption keys?
No, KMS supports both symmetric and asymmetric encryption keys
Which cryptographic operations is KMS capable of?
Encryption and decryption
Are KMS keys used directly to encrypt data?
No, KMS keys are used to generate Data Encryption Keys (DEKs), which are used to encrypt data
What is the maximum size of data that KMS keys can work on?
Up to 4 KB in size (4,096 bytes to be precise)
How is access to KMS keys provided?
Access must be explicitly granted through the KMS key's resource-based policy (the key policy)
In the scenario of key rotation, how does KMS decrypt data that was previously encrypted by an older key?
KMS retains previous keys so that data encrypted before rotation can still be decrypted
How would you describe the KMS scope?
KMS is a regional and public service
Can KMS keys leave KMS unencrypted?
No, KMS keys never leave KMS unencrypted
What types of keys does KMS feature?
AWS owned keys, AWS managed keys, and customer managed keys
Which type of KMS keys are created, owned, and managed by you in your AWS account?
Customer managed keys
Which type of KMS keys in your AWS account are created, managed, and used on your behalf by an AWS service integrated with AWS KMS?
AWS managed keys
Which type of KMS keys are owned and managed by an AWS service for use in multiple AWS accounts?
AWS owned keys