
Reply To: AWS KMS BYOK and custom key stores

  • Carlo-TutorialsDojo

    Member
    March 22, 2022 at 3:46 am

    Hello konker,

    Thanks for your feedback.

    Your understanding of custom key stores is correct. There are 3 key origins to choose from when creating a KMS key: KMS, External (import your own), and custom key store (CloudHSM). When I created this question, I imagined a scenario in which KMS keys are to be generated from key materials generated by a CloudHSM cluster — a setup similar to the one described in this blog, except that the cluster is to be maintained rather than deleted. This is technically possible, but it forgoes the advantage of easy integration with other services such as Amazon S3. So the best possible answer in the scenario’s case is to just create a CloudHSM-backed KMS key. We will revise this item.

    Let me know if you have further questions.

    Regards,

    Carlo @ Tutorials Dojo
