AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. It is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. Also, it can help you implement key rotation policies with reasonable ease.