AWS Key Management Service (KMS)
AWS KMS makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in applications.
AWS KMS is a secure and resilient service that uses hardware security or are in the process of being validated, to protect your keys.
AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
You control access to your encrypted data by defining permissions to use keys while AWS KMS enforces your permissions and handles the durability and physical security of your keys.
AWS KMS is integrated with AWS CloudTrail to record all API requests,
including key management actions and usage of your keys. Logging API requests helps you manage risk, meet compliance requirements and conduct forensic analysis.
There is no commitment and no upfront charges to use AWS KMS. You only pay US $1/month to store any key that you create.
Digitally sign data
AWS KMS enables you to perform digital signing operations using asymmetric key pairs to ensure the integrity of your data.