AWS KMS

Managed cryptographic keys for encryption everywhere.

Overview

Key Management Service creates and controls keys used to encrypt data across S3, EBS, RDS, Secrets Manager and more, with full audit via CloudTrail.

When to use it

  • Customer-managed encryption keys
  • Envelope encryption in apps
  • Regulatory compliance

Setup

  1. Create a Customer Managed Key (symmetric AES-256).
  2. Define key policy + grants per principal.
  3. Reference by KeyId/Alias in encrypted services.

How to use

Encrypt
aws kms encrypt --key-id alias/qa --plaintext fileb://data.bin --output text --query CiphertextBlob | base64 -d > data.enc

QA use cases

  • Verify encryption-at-rest by attempting to access raw S3 objects with the wrong KMS permissions — expect 403.
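
An added example (not from the original page or from AWS): a key-policy check for Setup step 2 and the 403 test above, listing which principals a key policy lets call a KMS action and flagging statements open to any principal. The policy, account ID and role names are constructed placeholders; it reads only the key policy's Allow statements, so Deny statements, grants, IAM policies and most Condition logic are out of scope.

```python
import fnmatch
import json

# Constructed key policy; account ID and role names are placeholders.
KEY_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Admin", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/KeyAdmin"},
   "Action": ["kms:Describe*", "kms:PutKeyPolicy", "kms:ScheduleKeyDeletion"],
   "Resource": "*"},
  {"Sid": "Use", "Effect": "Allow",
   "Principal": {"AWS": ["arn:aws:iam::111122223333:role/QaWriter"]},
   "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"],
   "Resource": "*"},
  {"Sid": "TooBroad", "Effect": "Allow",
   "Principal": "*", "Action": "kms:Decrypt", "Resource": "*"}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    p = stmt.get("Principal", {})
    return ["*"] if p == "*" else _as_list(p.get("AWS", []))

def allowed_principals(policy, action):
    """Principals that an Allow statement in the key policy grants `action`."""
    found = set()
    for stmt in _as_list(policy["Statement"]):
        # IAM action names are case-insensitive and may end in a wildcard.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") == "Allow" and any(
                fnmatch.fnmatchcase(action.lower(), pat) for pat in patterns):
            found.update(_principals(stmt))
    return found

def wildcard_findings(policy):
    """Sids of Allow statements open to any principal with no Condition."""
    return [s.get("Sid", "<no Sid>") for s in _as_list(policy["Statement"])
            if s.get("Effect") == "Allow" and "*" in _principals(s)
            and "Condition" not in s]

def expect_denied(policy, principal_arn, action):
    """True if the key policy alone gives `principal_arn` no Allow for `action`."""
    allowed = allowed_principals(policy, action)
    return principal_arn not in allowed and "*" not in allowed

if __name__ == "__main__":
    reader = "arn:aws:iam::111122223333:role/QaReader"  # placeholder role
    print("open statements:", wildcard_findings(KEY_POLICY))
    print("Decrypt denied:", expect_denied(KEY_POLICY, reader, "kms:Decrypt"))
```

With the `TooBroad` statement present, the 403 expectation cannot hold for `kms:Decrypt`; removing that statement restores it.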