Issue link: https://read.uberflip.com/i/1191854
Amazon Web Services Navigating GDPR Compliance on AWS 22 these services. AWS KMS is also integrated with AWS CloudTrail to provide you with logs of all your key usage for your regulatory and compliance needs. You can easily create, import, and rotate keys, as well as define usage policies and audit usage from the AWS Management Console or by using the AWS SDK or AWS Command Line Interface (AWS CLI). The master keys in AWS KMS, whether imported by you or created on your behalf by AWS KMS and known as customer master keys (CMKs), are stored in highly durable storage in an encrypted format to help ensure that they can be used when needed. You can choose to have AWS KMS automatically rotate CMKs created in AWS KMS once per year without having to re-encrypt data that has already been encrypted with your master key. You don't need to keep track of older versions of your CMKs because AWS KMS keeps them available to automatically decrypt previously encrypted data. For any CMK in KMS, you can control who has access to those keys and which services they can be used with through a number of access controls, including grants, and key policy conditions within key policies or IAM policies. You can also import keys from your own key management infrastructure and use them in KMS. For example, the following policy uses the kms:ViaService condition to allow a customer managed CMK to be used for the specified actions only when the request comes from Amazon EC2 or Amazon RDS in a specific Region (us-west-2) on behalf of a specific user (ExampleUser). Figure 7 – Example of a policy for Amazon KMS