CMKs are used for encryption, decryption and signing
3 Types of CMKs:
Customer managed: Owned and Managed by Customer
Used only for your AWS account
AWS managed: Managed by AWS on your behalf
Used only for your AWS account
AWS owned: AWS owns and manages them
Used in multiple AWS accounts.
LIMITED usecases
Most Services support both AWS managed and Customer
managed Keys
Amazon S3, Amazon DynamoDB, Amazon EBS, Amazon SQS, Amazon SNS
Few Services support only AWS managed keys
Amazon DynamoDB Accelerator (DAX), AWS CodeCommit