The following table describes the APIs that you can call in different scenarios.
Category | Subcategory | Description | API | Difference |
---|---|---|---|---|
Customer master key (CMK) | CMK management | Manages a CMK throughout its lifecycle and queries information about a CMK. | KMS API | None. |
CMK version management | Rotates a CMK and queries information about a CMK version. | |||
Alias management | Manages an alias throughout its lifecycle and queries information about an alias.
An alias is an independent object in KMS. An alias must be bound to a unique CMK.
You can set the |
|||
Cryptographic operation | Uses keys to perform cryptographic operations, such as data encryption and decryption. |
|
||
Secrets Manager | Secrets management | Manages, protects, distributes, and rotates secrets. | KMS API | None. |
Secret query | Queries a secret value. |
|
||
Certificates Manager | Certificate management | Creates, deletes, and updates a certificate, queries information about a certificate, and generates and verifies a signature. | KMS API | None |
Others | Tag management | Manages the tag that is associated with a resource throughout the lifecycle of the tag and queries the tags of a specified resource. | ||
Common operations | Activates KMS and queries the status of KMS instances and available regions. |