Enhancing Security and Control: Amazon Managed Service for Apache Flink Now Supports Customer Managed Keys (CMK)
Seattle, WA – August 20, 2025 – Amazon Web Services (AWS) today announced a significant enhancement to its managed service for real-time data processing: Amazon Managed Service for Apache Flink now proudly supports Customer Managed Keys (CMK). This important update empowers customers with even greater control over their data security and compliance by allowing them to use their own encryption keys to protect data within Amazon Managed Service for Apache Flink.
For organizations leveraging the power of Apache Flink for real-time analytics, stream processing, and building sophisticated event-driven applications, data security is paramount. The introduction of CMK support directly addresses this need, offering a robust solution for customers who are subject to strict regulatory requirements or who simply wish to maintain granular control over their encryption keys.
What does CMK Support Mean for Amazon Managed Service for Apache Flink users?
Previously, Amazon Managed Service for Apache Flink encrypted customer data at rest using AWS-managed keys. While this provided a strong foundation for data protection, the new CMK integration allows customers to:
- Leverage their own AWS KMS Keys: Customers can now specify their own AWS Key Management Service (KMS) keys to encrypt the data stored by Amazon Managed Service for Apache Flink. This includes data stored in internal storage, checkpointing mechanisms, and any other data at rest managed by the service.
- Enhance Compliance and Governance: For industries with stringent data governance and compliance mandates, such as healthcare, finance, and government, the ability to manage their own encryption keys is a critical advantage. This allows them to demonstrate compliance with specific security policies and audit requirements.
- Strengthen Security Posture: By utilizing CMKs, customers gain the ability to independently manage the lifecycle of their encryption keys, including creation, rotation, disabling, and deletion. This centralized control over key management contributes to an overall stronger security posture for their applications.
- Centralized Key Management: For organizations already using AWS KMS for managing encryption keys across their AWS services, integrating Amazon Managed Service for Apache Flink with their existing CMK strategy offers a streamlined and unified approach to security.
How it Works:
When creating or updating a persistent application in Amazon Managed Service for Apache Flink, customers will now have the option to select an AWS KMS CMK from their account. Once selected, this key will be used to encrypt all data at rest associated with that specific application. AWS KMS handles the secure storage and management of these customer-provided keys, abstracting away the complexities of key management while delivering enhanced control to the customer.
A Commitment to Customer-Centric Security:
This feature underscores AWS’s ongoing commitment to providing customers with the tools and flexibility they need to build and manage their workloads securely. By integrating CMK support, Amazon Managed Service for Apache Flink continues to evolve, meeting the sophisticated security requirements of modern data-intensive applications.
Customers can learn more about configuring CMK support for their Amazon Managed Service for Apache Flink applications by visiting the official AWS documentation. This new capability empowers businesses to confidently process their real-time data streams with an even greater degree of security and control.
Amazon Managed Service for Apache Flink now supports Customer Managed Keys (CMK)
AI has delivered the news.
The answer to the following question is obtained from Google Gemini.
Amazon published ‘Amazon Managed Service for Apache Flink now supports Customer Managed Keys (CMK)’ at 2025-08-20 16:00. Please write a detailed article about this news in a polite tone with relevant information. Please reply in English with the article only.