aws:security:kms

Differences

This shows you the differences between two versions of the page.

aws:security:kms [2025/12/28 06:52] phong2018aws:security:kms [2025/12/28 06:55] (current) phong2018
Line 12: Line 12:
   * Two main types of keys (common in exams):   * Two main types of keys (common in exams):
     * [[aws:security:kms:aws-managed-vs-customer-managed|AWS-managed keys vs Customer-managed keys]]     * [[aws:security:kms:aws-managed-vs-customer-managed|AWS-managed keys vs Customer-managed keys]]
-  * Access is controlled by:[[.:kms:envelope-encryption|aws:security:kms:envelope-encryption]]+  * Access is controlled by:
     * [[aws:security:kms:key-policy|Key Policy]]     * [[aws:security:kms:key-policy|Key Policy]]
     * IAM policies (for the caller)     * IAM policies (for the caller)
Line 19: Line 19:
   * “encrypt S3 objects with customer control” → SSE-KMS + customer-managed key.   * “encrypt S3 objects with customer control” → SSE-KMS + customer-managed key.
   * “control who can decrypt” → KMS + key policy.   * “control who can decrypt” → KMS + key policy.
-  * “encrypt large files but centrally control decryption” → Envelope Encryption + KMS data keys+  * “encrypt large files but centrally control decryption” → [[envelope-encrytion|Envelope Encryption]] + KMS data keys
  
 **Hard words:** **Hard words:**
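Review bot: The link target added on the “encrypt large files but centrally control decryption” line is `envelope-encrytion`, which drops the "p" from "encryption" and carries no namespace, whereas the link removed from the “Access is controlled by:” line in this same revision pointed at `.:kms:envelope-encryption` with the label `aws:security:kms:envelope-encryption`, and the neighbouring links use full `aws:security:kms:...` ids. As written, the new link will likely resolve to a different and probably nonexistent page; suggest `[[aws:security:kms:envelope-encryption|Envelope Encryption]]` so it lands on the same page the removed link referenced.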
aws/security/kms.1766904774.txt.gz · Last modified: by phong2018