KMS key points

- [Instructor] Some important things…to remember regarding KMS are…KMS integrates with S3, EVS, Redshift, RDS,…and other services to make it really simple…to manage encryption keys…that you can use in those services.…KMS keys are regional-specific, and they cannot be exported.…In order to delete a key, it needs to be scheduled…with a wait period of no less than seven days.…If you need to, you can import your own keys…and manage them through KMS,…just select your user access keys.…

KMS key rotation is a good practice, and it can be automated…with the enable-key-rotation API call.…All keys have a policy associated…in order to define who can manage the key,…that is, delete it, change it, or disable it,…and who can use the key, as in,…use it to encrypt and decrypt data.…This was a very short lesson,…since you won't likely use this service directly,…but more indirectly with another AWS service.…Just like IAM, this is a service that you need…to be aware of because encryption of data…in the cloud is not only a best practice,…