AWS Security Academy · Lesson

Symmetric, Asymmetric, and Multi-Region Keys

Compare key types and how rotation, aliases, and replication work.

Two Cryptographic Families

KMS supports both symmetric and asymmetric keys.

  • Symmetric: one key both encrypts and decrypts.
  • Asymmetric: a public/private key pair.

Each suits different needs, and choosing correctly is a common exam theme.

Symmetric Keys

Symmetric keys use one secret key (AES-256) for both encrypting and decrypting.

  • They are the default and most common in AWS.
  • Nearly all service integrations (S3, EBS, RDS) use symmetric keys.

The key never leaves KMS, so the party that encrypts and the party that decrypts each call KMS rather than sharing the key between them.
