AWS IAM Identity Center now supports customer-managed KMS keys for encryption at rest
AWS News Blog
AWS IAM Identity Center now supports customer-managed KMS keys for encrypting identity data at rest, providing organizations with more control over encryption key management.
- Customers can use their own AWS KMS keys to encrypt user and group attributes
- Supports both single-Region and multi-Region encryption keys
- Provides full control over key lifecycle, including creation, rotation, and deletion
- Enables granular access controls and detailed AWS CloudTrail logging
- Available in all AWS commercial, GovCloud, and China Regions
Key considerations include verifying key permissions, checking AWS managed application compatibility, and configuring appropriate IAM policies to prevent service disruption.