Get startedGet started for free

Pick the right KMS key rotation strategy

Your security team requires that the AWS KMS customer-managed key protecting a sensitive DynamoDB table have its cryptographic material rotated regularly, without breaking the ability to decrypt data that was already encrypted with the older material. You want to meet this requirement with the least operational overhead.

Which KMS key rotation strategy should you use?

This exercise is part of the course

Deploying Applications on AWS

View Course

Hands-on interactive exercise

Turn theory into action with one of our interactive exercises

Start Exercise