Too Long; Didn't Read
AWS KMS is a managed service that allows the creation, management, and control of the ENCRYPTION keys and it uses HSMs to protect the security of the keys. It’s a multi-tenant hardware. It doesn’t have any upfront cost and pay-as-you-go model. It supports Symmetric and Asymmetric keys. By default, Amazon KMS creates the key material for a KMS key. You cannot extract, export, view, or manage this key material.