aws:security:kms
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| aws:security:kms [2025/12/28 06:46] – created phong2018 | aws:security:kms [2025/12/28 06:55] (current) – phong2018 | ||
|---|---|---|---|
| Line 19: | Line 19: | ||
| * “encrypt S3 objects with customer control” → SSE-KMS + customer-managed key. | * “encrypt S3 objects with customer control” → SSE-KMS + customer-managed key. | ||
| * “control who can decrypt” → KMS + key policy. | * “control who can decrypt” → KMS + key policy. | ||
| + | * “encrypt large files but centrally control decryption” → [[envelope-encrytion|Envelope Encryption]] + KMS data keys | ||
| **Hard words:** | **Hard words:** | ||
aws/security/kms.1766904402.txt.gz · Last modified: by phong2018