What is AWS KMS?

AWS KMS (Key Management Service) is a managed service that makes it easy to create and control encryption keys used to encrypt data. It provides centralized control over cryptographic keys and integrates with most AWS services for data encryption. KMS uses Hardware Security Modules (HSMs) to protect keys and supports automatic key rotation. You can audit key usage through CloudTrail and define key policies to control access. KMS supports both AWS-managed keys and customer-managed keys, and allows importing your own key material. It helps meet compliance requirements and provides envelope encryption for large data volumes.