Dedicated Key Management Service (KMS) is a key management service that you can fully manage. Before you can use the features of Dedicated KMS, you must purchase and configure a dedicated KMS instance.

Prerequisites

Two hardware security module (HSM) instances that reside in different zones are purchased. An HSM cluster is created and activated. For more information about how to purchase an HSM instance, see Create an HSM instance.
Note You can create only an HSM instance of the GVSM type.

Background information

To purchase a dedicated KMS instance, you can use one of the following methods:
  • Log on to the KMS console, click Dedicated KMS in the left-side navigation pane, and then click Purchase Dedicated KMS. This topic describes this method.
  • Go to the KMS buy page to purchase a dedicated KMS instance.

Procedure

  1. Log on to the KMS console.
  2. In the upper-left corner of the page, select the region where you want to purchase a dedicated KMS instance.
    For more information about the regions that support Dedicated KMS, see Supported regions.
  3. In the left-side navigation pane, click Dedicated KMS.
  4. Click Purchase Dedicated KMS.
  5. On the KMS buy page, configure the following parameters:
    • Product Type: Select Dedicated KMS (Subscription).
    • Region: Select the region where you want to purchase a dedicated KMS instance.
    • Instance Type: Select Standard.
    • Quantity: Specify the number of instances that you want to purchase. You can purchase up to 20 instances at a time.
    • Subscription Period: Select the subscription period for your instance. Valid values: 1 Month, 2 Months, 6 Months, 1 Year, and 2 Years.
      Note You can select Auto-renewal. This way, your instance is automatically renewed when it expires.
  6. Confirm the total configuration cost and click Buy Now.
  7. On the Confirm Order page, select I have read and agree to Dedicated KMS (International) Agreement of Service. Then, click Pay.
  8. On the Purchase page, configure Payment Method and click Subscribe.
    After you complete the payment, the new instance appears in the list of dedicated KMS instances, and Not Connected is displayed in the Status column of the instance. Before you can use the dedicated KMS instance, you must configure it.