Encryption of data at rest - KMS

AWS services that store data let you encrypt it with server-side encryption, which keeps customer effort minimal. That is why Werner Vogels, Amazon.com CTO, often says “Encrypt everything”.

Organizations that handle sensitive data are often required to use their own encryption key instead of AWS encryption keys. For them we provide a service called AWS Key Management Service (KMS).

If you require a dedicated Hardware Security Module for your organization, AWS CloudHSM is a service that gives you dedicated cloud-based HSMs.

Additional information is available in the following whitepaper:

https://d1.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf