KMS provides the following functions:
- Manages CMKs.
Using the KMS console or APIs, you can perform the following operations on CMKs:
- Creating, querying, enabling, disabling, scheduling the deletion of, and canceling the deletion of CMKs
- Importing CMKs and deleting CMK material
- Modifying the aliases and description of CMKs
- Creating, querying, and revoking a grant
- Adding, searching for, editing, and deleting tags
- Enabling key rotation
- Creates, encrypts, and decrypts DEKs, and retires a grant on a CMK.
By calling APIs, you can create, encrypt, and decrypt DEKs, and retire a grant on a CMK. For details, see the Key Management Service API Reference.
- Generates hardware true random numbers.
You can generate 512-bit hardware true random numbers using a KMS API. The 512-bit hardware true random numbers can be used as or serve as basis for keys and encryption parameters. For details, see the Key Management Service API Reference.