AWS Key Management Service
E293760
AWS Key Management Service is a managed cloud service that enables users to create, control, and securely use cryptographic keys for protecting data across AWS applications and services.
All labels observed (2)
| Label | Occurrences |
|---|---|
| AWS Key Management Service canonical | 10 |
| AWS KMS | 3 |
How this entity was disambiguated
This entity first appeared as the object of triple T2714030 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: AWS Key Management Service Context triple: [Amazon Web Services, offersService, AWS Key Management Service]
-
A.
Cloud Key Management Service
Cloud Key Management Service is a Google Cloud offering that lets organizations securely create, manage, and use cryptographic keys for protecting their data and services.
-
B.
Azure Key Vault
Azure Key Vault is a Microsoft Azure cloud service that securely stores and manages cryptographic keys, secrets, and certificates for protecting applications and data.
-
C.
AWS
AWS is a train protection and warning system used on railways to alert drivers to signal aspects and speed restrictions, enhancing operational safety.
-
D.
Aws
Aws was one of the major Arab tribes of Medina that played a pivotal role in supporting Prophet Muhammad and the early Muslim community after the Hijrah.
-
E.
Amazon DynamoDB
Amazon DynamoDB is a fully managed, serverless NoSQL database service by AWS designed for high-performance, scalable key-value and document data storage.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: AWS Key Management Service Target entity description: AWS Key Management Service is a managed cloud service that enables users to create, control, and securely use cryptographic keys for protecting data across AWS applications and services.
-
A.
Cloud Key Management Service
Cloud Key Management Service is a Google Cloud offering that lets organizations securely create, manage, and use cryptographic keys for protecting their data and services.
-
B.
Azure Key Vault
Azure Key Vault is a Microsoft Azure cloud service that securely stores and manages cryptographic keys, secrets, and certificates for protecting applications and data.
-
C.
AWS
AWS is a train protection and warning system used on railways to alert drivers to signal aspects and speed restrictions, enhancing operational safety.
-
D.
Aws
Aws was one of the major Arab tribes of Medina that played a pivotal role in supporting Prophet Muhammad and the early Muslim community after the Hijrah.
-
E.
Amazon DynamoDB
Amazon DynamoDB is a fully managed, serverless NoSQL database service by AWS designed for high-performance, scalable key-value and document data storage.
- F. None of above. chosen
Statements (126)
| Predicate | Object |
|---|---|
| instanceOf |
AWS service
ⓘ
cloud key management service ⓘ cryptographic key management system ⓘ |
| accessControlledBy |
IAM policies
ⓘ
grants ⓘ key policies ⓘ |
| alsoKnownAs |
AWS Key Management Service
ⓘ
surface form:
AWS KMS
|
| billingModel | pay-as-you-go ⓘ |
| chargesFor |
API requests
ⓘ
key creation ⓘ key storage ⓘ |
| consoleURL | https://console.aws.amazon.com/kms ⓘ |
| deploymentModel | managed service ⓘ |
| developedBy | Amazon Web Services ⓘ |
| documentationURL | https://docs.aws.amazon.com/kms/latest/developerguide/overview.html ⓘ |
| hasFeature |
CloudTrail logging of key usage
ⓘ
FIPS endpoints ⓘ HMAC generation and verification ⓘ VPC endpoint support ⓘ XKS (external key store) integration ⓘ aliases ⓘ asymmetric encryption and decryption ⓘ asymmetric signing ⓘ automatic key rotation ⓘ cross-account key access ⓘ data key caching ⓘ data keys ⓘ envelope encryption ⓘ fine-grained IAM permissions ⓘ grants ⓘ grants for temporary access ⓘ imported key material ⓘ key deletion scheduling ⓘ key disable and enable operations ⓘ key material expiration for imported keys ⓘ key origin tracking ⓘ key policies ⓘ key policy conditions ⓘ key rotation ⓘ key tags ⓘ manual key rotation ⓘ multi-Region key replication ⓘ multi-Region primary and replica keys ⓘ public key export for asymmetric keys ⓘ region-specific keys ⓘ |
| integratesWith |
AWS Backup
ⓘ
AWS Certificate Manager ⓘ AWS CloudFormation ⓘ Cloud HSM ⓘ
surface form:
AWS CloudHSM
AWS CloudTrail ⓘ AWS CodeBuild ⓘ AWS CodePipeline ⓘ AWS Config ⓘ AWS DataSync ⓘ AWS Direct Connect ⓘ AWS Glue ⓘ AWS Identity and Access Management ⓘ AWS IoT Core ⓘ AWS Key Management Service multi-Region keys ⓘ AWS Lambda ⓘ AWS Organizations ⓘ AWS Secrets Manager ⓘ AWS Security Hub ⓘ AWS Snowball ⓘ AWS Step Functions ⓘ AWS Storage Gateway ⓘ AWS Systems Manager ⓘ AWS Transfer Family ⓘ AWS WAF ⓘ Amazon Aurora ⓘ Amazon CloudWatch ⓘ
surface form:
Amazon CloudWatch Logs
Amazon DynamoDB ⓘ Amazon EBS ⓘ Amazon ECR ⓘ Amazon EFS ⓘ Amazon EMR ⓘ Amazon ECS ⓘ
surface form:
Amazon Elastic Container Service
Amazon Elastic Kubernetes Service ⓘ Amazon Elastic Transcoder ⓘ Amazon FSx ⓘ Amazon GuardDuty ⓘ Amazon Kinesis ⓘ Amazon MSK ⓘ Amazon Macie ⓘ Amazon OpenSearch Service ⓘ Amazon QuickSight ⓘ Amazon RDS ⓘ Amazon Redshift ⓘ Amazon S3 ⓘ Amazon SNS ⓘ Amazon SQS ⓘ Amazon SageMaker ⓘ Amazon WorkSpaces ⓘ |
| offers |
data key generation APIs
ⓘ
decryption APIs ⓘ digital signature APIs ⓘ encryption APIs ⓘ message authentication code APIs ⓘ |
| primaryFunction |
control access to cryptographic keys
ⓘ
create cryptographic keys ⓘ manage cryptographic keys ⓘ perform cryptographic operations ⓘ store cryptographic keys ⓘ |
| providedBy | Amazon Web Services ⓘ |
| regionScope | regional service ⓘ |
| securityProperty |
integrated auditing via CloudTrail
ⓘ
keys protected by HSMs ⓘ never exposes plaintext CMKs outside HSMs ⓘ |
| supports |
AWS managed keys
ⓘ
AWS owned keys ⓘ CloudHSM key stores ⓘ ECC key pairs ⓘ FIPS 140-2 validated HSMs ⓘ HMAC keys ⓘ RSA key pairs ⓘ asymmetric encryption keys ⓘ custom key stores ⓘ customer managed keys ⓘ multi-Region keys ⓘ symmetric encryption keys ⓘ |
| usedFor |
centralized key management
ⓘ
data-at-rest encryption ⓘ data-in-transit protection with integrated services ⓘ digital signatures ⓘ regulatory compliance support ⓘ |
| uses | hardware security modules ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: AWS Key Management Service Description of subject: AWS Key Management Service is a managed cloud service that enables users to create, control, and securely use cryptographic keys for protecting data across AWS applications and services.
Referenced by (13)
Full triples — surface form annotated when it differs from this entity's canonical label.