Security Consultant
From Nov 2019, KMS supports Asymmetric keys too, https://aws.amazon.com/blogs/security/digital-signing-asymmetric-keys-aws-kms/.
I don’t understand what it means to be said that KMS is for Symmetric keys only, and if we need asymmetric keys, we need CloudHSM.
This was already updated in the relevant section of the course. However, the key difference is regarding the export option for keys and regulatory requirements. CloudHMS is meant for highest level of FIPS certification requirements.