Certified Security - Specialty

Sign Up Free or Log In to participate!

Diiference between AWS managed key and customer managed key

Ryan had discussed AWS KMS managed key and customer managed key where he adds OpenSSL generated key material.  So from that perspective, it makes sense that auto key rotation for customer generated+openSSL material is not available.

But in this lecture, it seems that there is a 3rd variation of a key? — it is customer managed but AWS provides the key material? You lost me there.

1 Answers

Yes, that’s the third one. It is called an AWS Managed CMK in the documentation, or "Customer Managed" in his slide.

It allows shorter automatic rotation (1 year), and the ability to manually manage, rotate and delete keys.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?