AWS KMS

AWSSecurityFree tier available

Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore AWS in TreemapExplore security in Honeycomb
DocumentationPricing

Attributes

SLA Uptime
99.999%
Hsm Backed
Yes
Fips Compliant
Yes

Sub-services (3)

Customer Managed Keys

KMS keys you create, own, and fully control via policies

AWS Managed Keys

Service-owned keys used transparently by AWS services

Custom Key Stores

KMS keys backed by dedicated CloudHSM clusters

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

38 regions
27 countries
5sovereign
Sovereign regions (5)
  • AWS GovCloud (US-East) · AshburnAWS GovCloud (US)
  • AWS GovCloud (US-West) · HillsboroAWS GovCloud (US)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • China (Beijing) · BeijingAWS China (Sinnet)
  • China (Ningxia) · YinchuanAWS China (NWCD)
Commercial regions (33)

Europe (8)

  • Europe (Paris)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (Milan)
  • Europe (Spain)
  • Europe (Stockholm)
  • Europe (Zurich)
  • Europe (London)

North America (7)

  • Canada West (Calgary)
  • Canada (Central)
  • Mexico (Central)
  • US East (N. Virginia)
  • US West (Oregon)
  • US East (Ohio)
  • US West (N. California)

South America (1)

  • South America (São Paulo)

Asia (11)

  • Asia Pacific (Hong Kong)
  • Asia Pacific (Hyderabad)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Jakarta)
  • Asia Pacific (Osaka)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Malaysia)
  • Asia Pacific (Singapore)
  • Asia Pacific (Seoul)
  • Asia Pacific (Taipei)
  • Asia Pacific (Thailand)

Oceania (2)

  • Asia Pacific (Melbourne)
  • Asia Pacific (Sydney)

Middle East (3)

  • Middle East (Bahrain)
  • Israel (Tel Aviv)
  • Middle East (UAE)

Africa (1)

  • Africa (Cape Town)

Tags

encryptionkeyscryptographysecuritycompliance

Equivalent services on other platforms

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

Cloud KMSGCP

Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation

Huawei Data Encryption Workshop (DEW)Huawei

Unified cryptographic services including Key Management Service for envelope encryption, Cloud Secret Management Service for secret storage and rotation, Key Pair Service for SSH key management, and Dedicated HSM for FIPS 140-2 Level 3 workloads

IBM Hyper Protect ServicesIBM

Confidential computing family built on IBM LinuxONE and Secure Execution for Linux — offers Hyper Protect Virtual Servers, Crypto Services with FIPS 140-3 Level 4 HSMs, and Database as a Service with customer-controlled keys that even IBM cannot access

Tencent Key Management ServiceTencent

Managed cryptographic key service with customer master keys (CMKs), envelope encryption for Tencent services, automatic and manual rotation, imported key material (BYOK), Managed HSM for single-tenant FIPS 140-2 Level 3 compliance, and audit logging via CloudAudit

Pricing

Pricing model:pay-as-you-go