AWS BYOK
This guide describes how to integrate the KMES Series 3 with AWS Cloud Key Management.
AWS Key Management Service (KMS) enables you to create, manage, and use cryptographic keys in AWS services and your applications. It is a secure and resilient service and integrates with AWS CloudTrail to provide logs of all key usage to help meet your regulatory and compliance needs.
Refer to the following URL for more information about AWS KMS: https://docs.aws.amazon.com/kms/index.html
Customer-managed keys are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, including establishing and maintaining their key policies, IAM policies, and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to the KMS keys, and scheduling the KMS keys for deletion.
Customer-managed keys appear on the Customer Managed Keys page of the AWS Management Console for AWS KMS.
The customer-managed keys feature also enables you to import existing symmetric keys into AWS KMS. Thus, for this integration, you can create symmetric HSM Protected Keys on a KMES Series 3 device and then push those keys to the AWS KMS from the KMES application interface.
You can use keys pushed to AWS KMS with the following services inside AWS:
- Amazon S3
- The Transparent Data Encryption functionality in Amazon RDS and Amazon DynamoDB
- Amazon Route 53
- AWS Lambda
AWS KMS also has its own API that you can use with your applications to access and use keys stored in AWS KMS.
In this integration, you create and store keys on the KMES Series 3, synchronize them to AWS KMS, and then manage them through the KMES application interface.
The AWS KMS and KMES Series 3 integration provides the following benefits:
- Key provenance: You are the sole owner of your keys, so you control their location and distribution.
- Added assurance: Keys created on the KMES and imported into AWS KMS never leave the HSM boundary. Even after they are in AWS KMS, the keys are stored on hardware security modules on the backend.
- Centralized key management: You can manage your keys and access policies from a single location and user interface, whether the data they protect resides in the cloud or on your premises.
- Audit compliance: Many audits require you to escrow keys outside of the cloud provider. This integration lets you do so.
To integrate KMES Series 3 with AWS Cloud Key Management, you must perform the following tasks:
- Create communication credentials.
- Create a customer-managed key in AWS KMS.
- Create and push keys from KMES to AWS KMS.
The following sections describe how to perform these tasks and how to monitor their progress and audit logs.