Amazon KMS internal operations

Amazon Key Management Service (Amazon KMS) provides cryptographic keys and operations secured by FIPS 140-3 Security Level 3 validated hardware security modules (HSM) scaled for the cloud. Amazon KMS keys and functionality are used by multiple Amazon cloud services, and you can use them to protect data in your applications. This technical guide provides details on the cryptographic operations that are run within Amazon when you use Amazon KMS.

Amazon KMS internals are required to scale and secure HSMs for a globally distributed key management service.

Topics

Domains and domain state
Internal communication security
Replication process for multi-Region keys
Durability protection

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Permissions reference

Domains and domain state