Security best practices for Amazon Key Management Service - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Security best practices for Amazon Key Management Service

Amazon Key Management Service (Amazon KMS) supports many security features that you can implement to enhance the protection of your encryption keys, including key policies and IAM policies, an encryption context option for cryptographic operations on symmetric encryption keys, an extensive set of condition keys to refine your key policies and IAM policies, and grant constraints to limit grants.

These security features are described in detail in Amazon Key Management Service Best Practices (PDF). The general guidelines in this technical paper do not represent a complete security solution. Because not all best practices are appropriate for all situations, these are not intended to be prescriptive.

See also