AWS KMS Best Practices: Securing the Secret Ingredients of Your Infrastructure
AWS KMS gives you three flavors of encryption keys. For anything resembling production, CMKs are the only real choice. This post covers key granularity, aliases, ransomware shields, and cross-account access patterns.