AWS cryptographic services and tools
AWS's cryptographic services utilize a wide range of encryption and storage technologies that can assure the integrity of your data at rest or in transit. AWS offers several tools for cryptographic operations:
- AWS CloudHSM provides hardware security modules (HSMs) that can securely store a variety of cryptographic keys, including root keys and data keys.
- AWS Key Management Service (KMS) provides tools for generating root keys and other data keys. AWS KMS also interacts with many other AWS services to encrypt their service-specific data.
- AWS Encryption SDK provides a client-side encryption library for implementing encryption and decryption operations on all types of data.
- AWS Database Encryption SDK provides a client-side encryption library for encrypting data tables before sending them to a database service, such as Amazon DynamoDB.
- AWS Secrets Manager provides encryption and rotation of encrypted secrets used with AWS-supported databases.
Many AWS services rely on these cryptographic services during data transfer or storage. For a list of such services and an overview of how they use cryptographic practices, see Other AWS Services.
AWS cryptographic services comply with a wide range of cryptographic security standards, making it easy for you to protect your data without worrying about governmental or professional regulations. For a full list of AWS data security standard compliances, see AWS Compliance Programs.