What services does Amazon Web Services (AWS) Provide?

What is Amazon Web Services (AWS)?

Amazon Web Services (AWS) is a widely recognized and highly popular cloud computing platform provided by Amazon, one of the world’s leading e-commerce and technology companies. AWS offers comprehensive cloud services, including computing power, storage, databases, machine learning, analytics, content delivery, and more. These services are designed to help individuals, businesses, and organizations build and scale applications, manage data, and run various workloads in a flexible, cost-effective, and secure manner.

AWS is renowned for its global presence, high availability, and extensive network of data centers, which provide low latency and reliable cloud infrastructure. It is widely adopted by businesses of all sizes and industries, from startups and enterprises to public sector organizations. AWS’s wide array of services and resources makes it a dominant player in the cloud computing industry, alongside other major cloud providers like Microsoft Azure and Google Cloud Platform.

Services provided by Amazon Web Services (AWS)

  • Master Key Types

    When it comes to cryptographic keys, AWS provides a robust lineup. You have the option to choose from 2048, 3072, and 4096-bit RSA asymmetric master keys. But here’s the kicker – AWS stands out as one of the few Cloud Service Providers (CSPs) to offer 256-bit symmetric master keys, which adds a layer of flexibility to your encryption strategies.

  • Encryption Modes

    AWS doesn’t disappoint when it comes to encryption methods. It offers both symmetric and asymmetric options. You can rely on Advanced Encryption Standard Galois/Counter Mode (AES GCM), a secure and efficient choice for symmetric encryption. RSA Optimal Asymmetric Encryption Padding (OAEP) covers asymmetric encryption, ensuring your sensitive data remains impenetrable.

  • Plaintext Size Limits

    AWS allows for a generous plaintext size limit of 4KB. This capacious limit caters to a wide range of data encryption needs, accommodating the demands of different applications and use cases.

  • Bring Your Own Key (BYOK) Options

    AWS offers a Bring Your Own Key (BYOK) solution for organisations seeking greater control over their cryptographic keys. The process is well-defined: import and securely wrap the key before using it in the AWS environment. Remember that the exact procedures and requirements for BYOK may have evolved, so it’s wise to consult AWS’s latest documentation for precise details.

  • Signature Modes

    Data integrity during transmission is paramount. AWS provides several signature methods to ensure this, including RSA-PSS, RSA PKCS#1 v1.5, ECDSA with P-256, ECDSA with P-384, ECDSA with P-521, and ECDSA with secp256k1. These methods ensure the authenticity and integrity of your data, guaranteeing that it remains unaltered during transit or storage.

  • Cloud HSM Compliance

    Security and compliance go hand in hand in the cloud. AWS KMS HSM adheres to FIPS 140-2 Level 2 compliance, ensuring robust security for your keys. AWS Custom Keystore CloudHSM also takes it up a notch, complying with FIPS 140-2 Level 3. These certifications are vital for organizations with stringent security and compliance requirements.

  • Amazon KMS Features

    AWS KMS offers a managed service within the AWS cloud for key storage. What sets it apart is that customers and AWS services can access keys stored in this manner. The service is FIPS 140-2 Level 2 compliant, ensuring top-tier security. AWS KMS supports symmetric and asymmetric keys, covering RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256 encryption algorithms with RSA 2048, 3072, and 4096 key types. While these encryption algorithms aren’t compatible with elliptic curve key types, AWS KMS readily supports ECDSA_SHA_256, ECDSA_SHA_384, and ECDSA_SHA_512 signing algorithms when elliptic curve key types are in play. AWS KMS isn’t just about encryption – it offers limited key management, storage, auditing capabilities, and more.

  • Amazon Cloud HSM Features

    AWS CloudHSM takes key storage to a whole new level. It offers a dedicated hardware appliance in the AWS cloud, and here’s the kicker – this key storage is solely accessible by you, the customer. This level of control is a game-changer, ensuring your keys remain in your hands and not within the purview of the Cloud Service Provider. AWS CloudHSM is FIPS 140-2 Level 3 compliant, going the extra mile regarding security. It supports various key types and curves, making it suitable for various encryption scenarios. Moreover, it excels in key management, storage, auditing, and can be the Root of Trust for Public Key Infrastructures (PKIs).
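
The wrap step from the Bring Your Own Key (BYOK) item above can be rehearsed locally with OpenSSL. This is an added example, not code from the original page or from AWS: it wraps 256-bit key material with RSA-OAEP (SHA-256) and unwraps it again to confirm the round trip. The RSA key pair is a constructed stand-in for the wrapping key issued for an import, and the file and function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: rehearse the BYOK "wrap" step locally with OpenSSL.
# The RSA key pair below is a constructed stand-in for the wrapping key issued
# for an import; in a real import you hold only its public half.

byok_wrap_rehearsal() {
    local dir out rc
    dir=$(mktemp -d) || return 1
    if out=$(
        cd "$dir" && umask 077 &&
        # Stand-in 2048-bit wrapping key pair; public half exported as DER.
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out wrap_priv.pem 2>/dev/null &&
        openssl pkey -in wrap_priv.pem -pubout -outform DER -out wrap_pub.der &&
        # 256-bit symmetric key material, generated outside the cloud.
        openssl rand -out key_material.bin 32 &&
        # Wrap: RSA-OAEP with SHA-256 as both the OAEP digest and the MGF1 digest.
        openssl pkeyutl -encrypt -pubin -keyform DER -inkey wrap_pub.der \
            -in key_material.bin -out wrapped.bin \
            -pkeyopt rsa_padding_mode:oaep \
            -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 &&
        # Unwrap with the stand-in private key and compare byte for byte.
        openssl pkeyutl -decrypt -inkey wrap_priv.pem \
            -in wrapped.bin -out unwrapped.bin \
            -pkeyopt rsa_padding_mode:oaep \
            -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 &&
        cmp -s key_material.bin unwrapped.bin &&
        # Emit "<key bytes> <wrapped bytes>".
        echo "$(wc -c < key_material.bin | tr -d ' ') $(wc -c < wrapped.bin | tr -d ' ')"
    ); then rc=0; else rc=1; fi
    rm -rf "$dir"   # remove the working files, including the plaintext key material
    [ "$rc" -eq 0 ] && printf '%s\n' "$out"
    return "$rc"
}

byok_wrap_rehearsal
```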


Amazon Web Services (AWS) stands as a monster in cloud computing, providing a vast and diverse set of services for users of all backgrounds and industries. Whether you are a developer, data scientist, IT administrator, or business owner, AWS’s extensive offerings ensure you have the tools and resources to fulfil your unique requirements. As the cloud computing industry evolves, AWS remains at the forefront, empowering individuals and organizations to innovate, scale, and succeed in the digital age.

Encryption Consulting’s AWS Data Protection Services encompass a wide range of offerings tailored to address various security aspects within the AWS ecosystem. Our team of experienced professionals works closely with you to understand your unique requirements and develop customized solutions that align with your business goals and compliance mandates.
