Encryption and decryption
The team has now acquired a more complete knowledge of IAM, their identities, their policies, and how they can be used to grant or deny permissions to diverse resources. But a final consideration has to be made – encryption, which is not done by IAM:
![](https://static.packt-cdn.com/products/9781804611425/graphics/image/Alex1.jpg)
Alex: I’d like to end the day with a very short description of encryption. Most data can be encrypted; sometimes, it is even mandatory, but it will be performed automatically, without you noticing it.
![](https://static.packt-cdn.com/products/9781804611425/graphics/image/Harold.jpg)
Harold: Are you talking about encryption in transit or encryption at rest?
![](https://static.packt-cdn.com/products/9781804611425/graphics/image/Alex1.jpg)
Alex: With many of the services in AWS, you can choose both.
![](https://static.packt-cdn.com/products/9781804611425/graphics/image/Raj.jpg)
Raj: I assume encryption is not provided by IAM. I didn’t see that on the documentation, and it seems a different feature. Probably a separate service?
![](https://static.packt-cdn.com/products/9781804611425/graphics/image/Alex1.jpg)
Alex: It is called KMS, short for Key Management Service.
![](https://static.packt-cdn.com/products/9781804611425/graphics/image/Raj.jpg)