The following table describes the APIs that you can call in different scenarios.
Category | Subcategory | Description | API | Difference |
Customer master key (CMK) | CMK management | Manages a CMK throughout its lifecycle and queries information about a CMK. | None. | |
CMK version management | Rotates a CMK and queries information about a CMK version. | |||
Alias management | Manages an alias throughout its lifecycle and queries information about an alias. An alias is an independent object in KMS. An alias must be bound to a unique CMK. You can set the | |||
Cryptographic operation | Uses keys to perform cryptographic operations, such as data encryption and decryption. |
| ||
Secrets Manager | Secrets management | Manages, protects, distributes, and rotates secrets. | None. | |
Secret query | Queries a secret value. |
| ||
Certificates Manager | Certificate management | Creates, deletes, and updates a certificate, queries information about a certificate, and generates and verifies a signature. | None | |
Others | Tag management | Manages the tag that is associated with a resource throughout the lifecycle of the tag and queries the tags of a specified resource. | ||
Common operations | Activates KMS and queries the status of KMS instances and available regions. |