Questions

1. What is a cloudhsm in kms? Use AWS CloudHSM when you need to manage the hardware security modules (HSMs) that generate and store your encryption keys. In AWS CloudHSM, you create and manage HSMs, including creating users and setting their permissions. You also create the symmetric keys and asymmetric key pairs that the HSM stores.

Features

• Think of KMS as an additional layer of authentication and authorization.
• If a client cannot access the AWS KMS, the public key from an asymmetrical key pair can be used to encrypt the data. The data can then be encrypted by the AWS KMS that has the private key. Ref https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.htm