How Amazon services use Amazon KMS - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How Amazon services use Amazon KMS

Many Amazon services use Amazon KMS to support encryption of your data. When an Amazon service is integrated with Amazon KMS, you can use the Amazon KMS keys in your account to protect the data that the service receives, stores, or manages for you. For the complete list of Amazon services integrated with Amazon KMS, see Amazon Service Integration.

The following topics discuss in detail how particular services use Amazon KMS, including the KMS keys they support, how they manage data keys, the permissions they require, and how to track each service's use of the KMS keys in your account.


Amazon services that are integrated with Amazon KMS use only symmetric encryption KMS keys to encrypt your data. These services do not support encryption with asymmetric KMS keys. For help determining whether a KMS key is symmetric or asymmetric, see Identifying asymmetric KMS keys.