From the preceding example, you will have learned that there are two types of keys:
- Data keys: Data keys are encryption keys that are used to encrypt data. They can be used to encrypt small or large amounts of data, or they can even be used to encrypt other keys. As mentioned previously, a data key can itself be encrypted using a CMK to secure it.
- CMKs: The master key, or CMK, is used to encrypt and decrypt the data key. CMKs can be of the following three types:
  - Customer-managed CMKs: AWS allows you to create your own CMKs. When you create a CMK, you are also authorized to manage it. The CMKs that you create and manage in your account are called customer-managed CMKs. Here's what you can do with customer-managed CMKs:
    - Create and maintain key policies related to CMKs.
    - Create IAM policies and apply them to CMKs.
    - Manage permissions on the CMKs.
    - Enable and...
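The data key and CMK relationship described in the list above, as an added Python sketch that is not code from the original text: data is encrypted locally under a fresh data key, and only the CMK-encrypted copy of that key is stored beside the ciphertext. `FakeKms` is a constructed offline stand-in that mirrors the `generate_data_key` and `decrypt` calls of the boto3 KMS client, the key alias in the usage is a placeholder, and the `cryptography` package is assumed to be installed.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class FakeKms:
    """Constructed stand-in for boto3.client("kms"); the CMK never leaves this object."""

    def __init__(self):
        self._cmk = AESGCM(AESGCM.generate_key(bit_length=256))

    def generate_data_key(self, KeyId, KeySpec):
        if KeySpec != "AES_256":
            raise ValueError("this stand-in only issues AES_256 data keys")
        plaintext = os.urandom(32)
        nonce = os.urandom(12)
        # Wrap the data key under the CMK, bound to the key id it was issued for.
        blob = nonce + self._cmk.encrypt(nonce, plaintext, KeyId.encode())
        return {"Plaintext": plaintext, "CiphertextBlob": blob, "KeyId": KeyId}

    def decrypt(self, CiphertextBlob, KeyId):
        nonce, wrapped = CiphertextBlob[:12], CiphertextBlob[12:]
        plaintext = self._cmk.decrypt(nonce, wrapped, KeyId.encode())
        return {"Plaintext": plaintext, "KeyId": KeyId}


def envelope_encrypt(kms, key_id, data):
    """Encrypt data under a fresh data key; keep only the CMK-encrypted key."""
    dk = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    nonce = os.urandom(12)
    ciphertext = AESGCM(dk["Plaintext"]).encrypt(nonce, data, None)
    # The plaintext data key is not returned or stored, only its wrapped form.
    return {"wrapped_key": dk["CiphertextBlob"], "nonce": nonce,
            "ciphertext": ciphertext}


def envelope_decrypt(kms, key_id, envelope):
    """Have KMS unwrap the data key with the CMK, then decrypt the data locally."""
    resp = kms.decrypt(CiphertextBlob=envelope["wrapped_key"], KeyId=key_id)
    return AESGCM(resp["Plaintext"]).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)


if __name__ == "__main__":
    kms = FakeKms()
    env = envelope_encrypt(kms, "alias/example-cmk", b"constructed sample record")
    print(envelope_decrypt(kms, "alias/example-cmk", env))
```

Against real AWS KMS, the same two functions would be passed a boto3 KMS client in place of `FakeKms`, so access to the data is governed by who is permitted to call `Decrypt` on the CMK.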