Key management
You can use Amazon-managed keys or customer managed keys (CMKs) to encrypt your QuickSight datasets that are stored in SPICE. All non-customer managed keys associated with Amazon QuickSight are managed by Amazon.
Database server certificates that are not managed by Amazon are the responsibility of the customer and should be signed by a trusted CA. For more information, see Network and database configuration requirements.
Use the topics below to learn more about customer managed keys in QuickSight.