How to Share KMS Keys Across Multiple Accounts Using AWS KMS
This lesson looks at how you can use the same Customer Master Keys (CMKs) for encryption across multiple AWS accounts using the Key Management Service. It will define the key principles and components required to share the CMKs in addition to a demonstration on how to carry out those actions.
Learning Objectives
By the end of this lesson, you will have the knowledge and understanding of how to share your CMKs used within the AWS Key Management Service service across each of your AWS accounts, allowing you to implement encryption using the same keys
Intended Audience
This lesson has been created for security engineers and architects who are responsible for managing and implementing data encryption methods across AWS accounts.
Prerequisites
To get the most from this lesson you should be familiar with the Key Management Service and IAM permissions and JSON policies. For more information relating to both AWS IAM and KMS, please see our existing lessons here:
Identity & Access Management (IAM)