First of all, great visual representation of how the KMS works on high level! Very helpful! I have a question. On the diagram, an admin puts CMK into KMS. Is CMK a generally known name or is it pretty generic? How many of these CMK can be put into KMS? If more than one, how it is decided, which CMK is used by an app to do the encryption/decryption?
And also, even if there is only one CMK in KMS, does it mean that for each encryption request, there is new data-key created for the data encryption itself?
And thanks a lot, this is very helpful course, very understandable!