# KMS

## The Solution Architecture

1. A KMS-stored [[RSA]] key
2. A [[Lambda]] function to sign our tokens
3. A piece of code we can use wherever we want that can validate that the token was indeed generated by us

Things we'll need:

1. RSA key generated in AWS KMS
2. Public key of our RSA key
3. Lambda to do the signing (with permissions to the KMS key)
4. Local function (either a Lambda or a plain local function) to validate the token using the public key

## Links

- https://medium.com/altostra/asymmetric-jwt-signing-using-aws-kms-d7a0a424a65e