1. Home
  2. Mapping Frameworks
  3. AWS Home
  4. AWS Key Management Service

AWS aws_key_management_service

AWS Key Management Service (KMS) allows you to create and manage cryptographic keys and control their usage across a wide range of AWS services and in your applications. It uses hardware security modules that have been validated under FIPS 140-2.

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
aws_key_management_service AWS Key Management Service protect minimal T1552 Unsecured Credentials
Comments
This control's protection is specific to a minority of this technique's sub-techniques and procedure examples resulting in a Minimal Coverage score and consequently an overall score of Minimal.
References
  1. https://aws.amazon.com/kms/
  2. https://docs.aws.amazon.com/kms/latest/developerguide/overview.html
aws_key_management_service AWS Key Management Service protect partial T1552.001 Credentials In Files
Comments
This service provides a more secure alternative to storing encryption keys in the file system. As a result of this service only supporting cryptographic keys and not other types of credentials, the coverage score is assessed as Partial resulting in an overall Partial score.
References
    aws_key_management_service AWS Key Management Service protect significant T1552.004 Private Keys
    Comments
    This service allows for securely storing encryption keys and enforcing fine-grained access to the keys. The service does not allow anyone access to retrieve plaintext keys from the service.
    References
      aws_key_management_service AWS Key Management Service protect partial T1588 Obtain Capabilities
      Comments
      Provides protection against sub-techniques involved with stealing credentials, certificates, and keys from the organization. As documented, access can be provisioned and monitored.
      References
      1. https://aws.amazon.com/kms/
      2. https://docs.aws.amazon.com/kms/latest/developerguide/overview.html
      aws_key_management_service AWS Key Management Service protect partial T1588.003 Code Signing Certificates
      Comments
      The encryption key for the certificate can be stored in KMS, reducing its attack surface. Score is capped at Partial because adversaries can still misuse keys/certs if KMS and KMS resources are compromised.
      References
        aws_key_management_service AWS Key Management Service protect partial T1588.004 Digital Certificates
        Comments
        The encryption key for the certificate can be stored in KMS, reducing its attack surface. Score is capped at Partial because adversaries can still misuse keys/certs if KMS and KMS resources are compromised.
        References