Key Management

Amazon DocumentDB uses Amazon Key Management Service (Amazon KMS) to retrieve and manage encryption keys. Amazon KMS combines secure, highly available hardware and software to provide a key management system scaled for the cloud. Using Amazon KMS, you can create encryption keys and define the policies that control how these keys can be used. Amazon KMS supports Amazon CloudTrail, so you can audit key usage to verify that keys are being used appropriately.

Your Amazon KMS keys can be used in combination with Amazon DocumentDB and supported Amazon services such as Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), Amazon Elastic Block Store (Amazon EBS), and Amazon Redshift. For a list of services that support Amazon KMS, see How Amazon Services use Amazon KMS in the Amazon Key Management Service Developer Guide. For information about Amazon KMS, see What is Amazon Key Management Service?

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Encrypting Data in Transit

Identity and Access Management