Cloud Sovereignty Deep Dive - AWS KMS Control Plane Analysis
XKS protects key material from extraction, but does it protect against legal compulsion to use those keys? Updated with AWS European Sovereign Cloud (GA January 2026).
Table of Contents
- The Problem
- Who Should Read This
- The Solution
- How It Works
- The Trust Boundary Analysis
- Detailed Attack Surface (Standard AWS Regions)
- What XKS Protects Against
- The Mechanism
- Legal Framework
- The Business Deterrent
- AWS European Sovereign Cloud (January 2026)
- Whatβs Different
- Architecture
- The Sovereignty Investment
- What This Means for XKS
- Services Available
- True Sovereignty Options
- Option 1: Client-Side Encryption
- Option 2: European Sovereign Cloud + XKS
- Option 3: XKS Proxy with Customer Authentication
- Option 4: Split-Knowledge / Quorum
- Cost Comparison (3-Year TCO)
- Recommendation Matrix
- XKS Proxy Monitoring
- What I Learned
- My Take
- Do It Yourself
- Key Takeaways
- Try It Now
The Problem
A common assumption is that AWS External Key Store (XKS) provides complete sovereignty over encryption keys because the key material never leaves the customerβs HSM. But thereβs a gap between key material protection (canβt be extracted) and key usage control (can still be used under legal compulsion).
AWS documentation emphasizes what IS protected without clarifying what ISNβT. Security architects need to understand the real trust boundaries before designing encryption strategies.
Update (February 2026): The AWS European Sovereign Cloud went GA on January 14, 2026. This significantly changes the risk calculus for European customers. See the dedicated section below.
TL;DR
- XKS protects key material (cannot be extracted) but not key usage (can still be used under legal compulsion)
- The KMS control plane sits between your IAM policies and your external HSMβAWS controls this layer
- AWS European Sovereign Cloud now offers a middle ground: EU legal entity, EU-only operators, no non-EU dependencies
- True sovereignty requires client-side encryption where AWS never sees plaintext or keys
- For most workloads, European Sovereign Cloud + XKS is now the pragmatic choice for regulated European data
- Cost jumps significantly: KMS ~$15k/3Y β XKS ~$450k/3Y β Client-side ~$650k/3Y
Who Should Read This
| Role | Why This Matters |
|---|---|
| Security Architects | Understand the real trust boundaries before designing encryption strategies |
| CISOs | Make informed risk decisions about cloud sovereignty claims |
| Compliance Officers | Know what βcustomer-controlled keysβ actually means for audit purposes |
| CTOs / Tech Leaders | Evaluate cloud adoption for regulated or sensitive workloads |
The Solution
Map the full control flow (not just data flow) and choose the appropriate level of protection based on data classification and risk tolerance.
How It Works
The Trust Boundary Analysis
Even with XKS, the control flow is:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AWS CONTROL PLANE β
β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β IAM Policy β βββΊ β KMS β βββΊ β XKS/HSM β β
β β β β Service β β (customer) β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β
β Customer controls AWS controls Customer controls β
β (via console) (infrastructure) (key material) β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββThe gap: The KMS service layer sits between IAM policy evaluation and the external HSM. This service layer is AWS-controlled infrastructure.
Detailed Attack Surface (Standard AWS Regions)
LEGAL COMPULSION SCENARIO
========================
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AWS INFRASTRUCTURE β
β (US jurisdiction) β
β β
β NORMAL FLOW: β
β βββββββββββ βββββββββββββββ βββββββββββββββ βββββββββββ β
β β Your βββββΊβ IAM Policy βββββΊβ KMS βββββΊβ XKS ββββΌββΊ
β β App β β Evaluation β β Service β β Proxy β β
β βββββββββββ βββββββββββββββ βββββββββββββββ βββββββββββ β
β β
β COMPELLED FLOW: β
β βββββββββββ βββββββββββββββ βββββββββββββββ βββββββββββ β
β β Gov/NSA βββββΊβ BYPASSED βββββΊβ Modified βββββΊβ XKS ββββΌββΊ
β β Request β β β β KMS β β Proxy β β
β βββββββββββ βββββββββββββββ βββββββββββββββ βββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββΌβββββββββ
β YOUR INFRASTRUCTURE β β
β βΌ β
β XKS Proxy receives valid KMS request ββββββββββββββΊ ββββββββββββ β
β HSM has no way to know it's unauthorized β HSM β β
β HSM responds with decryption ββββββββββββββββββββββββ β β
β ββββββββββββ β
β β οΈ KEY MATERIAL PROTECTED β
β β KEY USAGE NOT PROTECTED β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββWhat XKS Protects Against
| Threat | XKS Effective? |
|---|---|
| Key extraction (copying key material) | β Yes |
| Rogue AWS employee accessing keys | β Partially |
| Physical data center seizure | β Yes |
| Legal compulsion to USE keys | β No |
| AWS control plane modification | β No |
The Mechanism
If a government compels AWS to modify the KMS control plane:
- An unauthorized principal could be injected at the service level
- KMS receives the decrypt request
- KMS calls the customerβs XKS Proxy
- The XKS Proxy sees a valid KMS request β responds
- Data is decrypted
The key material was never extracted, but the key was used.
Legal Framework
| Law | Scope |
|---|---|
| CLOUD Act (2018) | US gov can compel US companies to provide data stored anywhere |
| FISA Section 702 | Surveillance of non-US persons |
| National Security Letters | Secret demands with gag orders |
Key point: AWS is a US legal entity β subject to US jurisdiction regardless of data location, customer location, or βSovereign Cloudβ branding.
The Business Deterrent
The legal framework above describes whatβs theoretically possible. But thereβs a powerful counter-force: economic reality.
If AWS were caught complying with secret government orders to decrypt European customer data:
| Consequence | Impact |
|---|---|
| Immediate trust collapse | Enterprise customers would flee overnight |
| Regulatory retaliation | EU could ban AWS operations entirely |
| Competitor advantage | Every non-US cloud provider gains massively |
| Revenue destruction | AWSβs ~$100B annual revenue at existential risk |
The game theory: A US government demand to secretly decrypt European enterprise data would effectively be asking AWS to commit business suicide. The rational response is to fight such orders in court, restructure to make compliance impossible, or accept contempt charges rather than comply.
This isnβt naive optimismβitβs economic deterrence. The same logic that prevents nuclear powers from using their weapons: the cost of action exceeds any possible benefit.
The βcanaryβ evidence: No major hyperscaler has ever been publicly caught complying with secret decryption orders for enterprise customers. Given the scale of investigative journalism, whistleblower incentives, and warrant canary monitoring, a major incident would likely surface. The absence of evidence isnβt proof, but itβs meaningful signal.
Bottom line: The legal compulsion risk is real but heavily mitigated by business incentives. AWS has more to lose from compliance than from resistance.
AWS European Sovereign Cloud (January 2026)
The AWS European Sovereign Cloud went generally available on January 14, 2026. This represents AWSβs most significant sovereignty investment: β¬7.8 billion in infrastructure, jobs, and skills development.
Whatβs Different
| Aspect | Standard AWS Regions | European Sovereign Cloud |
|---|---|---|
| Legal entity | Amazon Web Services, Inc. (US) | Dedicated EU legal entity (German law) |
| Operators | Global AWS staff | EU citizens located in EU only |
| Management | US-based leadership | EU-resident managing directors |
| Oversight | Standard AWS governance | Independent advisory board (EU citizens) |
| Infrastructure | Global dependencies | No critical non-EU dependencies |
| Metadata | May leave region | Stays in EU (IAM, configs, labels) |
| Isolation | Logical separation | Physical AND logical separation |
| Resilience | Connected to global AWS | Can operate if isolated from world |
Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AWS EUROPEAN SOVEREIGN CLOUD β
β (EU jurisdiction - German law) β
β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Partition: aws-eusc Region: eusc-de-east-1 β β
β β β β
β β β’ Dedicated IAM system (EU-only) β β
β β β’ Dedicated billing system (EUR, EU currencies) β β
β β β’ European Trust Service Provider for certificates β β
β β β’ European TLDs for Route 53 nameservers β β
β β β’ Technical controls block non-EU access β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β Operated by: EU citizens in EU β
β Managed by: StΓ©phane IsraΓ«l, Stefan Hoechbauer (EU residents) β
β Oversight: Independent EU advisory board β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
β No critical dependencies
βΌ
Can operate indefinitely even if isolated from global AWSThe Sovereignty Investment
The β¬7.8B investment isnβt just infrastructureβitβs AWS buying legal and jurisdictional separation. Theyβre creating a defensible position against future legal compulsion:
- Different legal entity β US courts canβt directly compel an EU company
- EU-only operators β No US persons with access to compel
- No non-EU dependencies β Canβt be forced via infrastructure control
- Independent oversight β Advisory board adds accountability layer
This is essentially an insurance policy. AWS is paying billions to be able to say: βWe literally cannot complyβdifferent legal entity, EU-only staff, no access path.β
What This Means for XKS
The European Sovereign Cloud includes AWS KMS. Combined with XKS:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AWS EUROPEAN SOVEREIGN CLOUD β
β (EU jurisdiction) β
β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β IAM Policy β βββΊ β KMS β βββΊ β XKS/HSM β β
β β (EU-only) β β (EU-only) β β (customer) β β
β βββββββββββββββ βββββββββββββββ βββββββββββββββ β
β β
β EU legal entity EU operators Customer controls β
β EU oversight EU jurisdiction key material β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββThe improvement: Even the control plane is now under EU jurisdiction, operated by EU citizens, with no US access path. The theoretical βcompelled flowβ attack surface is dramatically reduced.
Services Available
The European Sovereign Cloud launched with comprehensive services including:
- Compute: EC2, Lambda, EKS, ECS
- Database: Aurora, DynamoDB, RDS
- Storage: S3, EBS
- AI/ML: SageMaker, Bedrock
- Security: KMS, Private CA, IAM
- Networking: VPC, Route 53
Expansion planned with Local Zones in Belgium, Netherlands, and Portugal.
True Sovereignty Options
Option 1: Client-Side Encryption
ββββββββββββββββ βββββββββββββββ βββββββββββββββ
β Application ββββββΊβ Customer ββββββΊβ AWS β
β β β HSM β β (ciphertextβ
β Encrypt here β β (on-prem) β β only) β
ββββββββββββββββ βββββββββββββββ βββββββββββββββKMS never involved. AWS stores ciphertext only. Even under compulsion, AWS cannot decrypt.
Option 2: European Sovereign Cloud + XKS
Best of both worlds for European customers:
- EU jurisdiction for control plane
- Customer-controlled key material
- Full AWS service portfolio
- Monitoring capability on XKS Proxy
Option 3: XKS Proxy with Customer Authentication
Customer adds monitoring to the XKS Proxy:
- Request allowlisting
- Anomaly detection
- Rate limiting
- Kill switch
Can detect and block unusual access patterns.
Option 4: Split-Knowledge / Quorum
Both AWS and customer hold separate keys. Neither party can decrypt alone.
Cost Comparison (3-Year TCO)
| Approach | 3Y Total | Sovereignty Level |
|---|---|---|
| KMS (managed) | ~$9k | β οΈ Low |
| KMS (CMK) | ~$15k | β οΈ Low |
| CloudHSM | ~$170k | πΆ Medium |
| European Sovereign Cloud + KMS | ~$20k* | π· High |
| XKS + HSM | ~$440k | π· High |
| European Sovereign Cloud + XKS | ~$460k* | β Very High |
| Client-side | ~$660k | β Very High |
*Pricing in EUR, similar to standard regions. Check AWS European Sovereign Cloud pricing for current rates.
Recommendation Matrix
| Data Classification | Recommended Approach |
|---|---|
| Public | AWS KMS (AWS-managed) |
| Internal | AWS KMS (Customer-managed CMK) |
| Confidential (EU) | European Sovereign Cloud + KMS |
| Confidential (non-EU) | XKS + monitored proxy |
| Secret/Regulated (EU) | European Sovereign Cloud + XKS |
| Secret/Regulated (non-EU) | Client-side encryption |
| Classified | On-premises only |
XKS Proxy Monitoring
If using XKS, implement monitoring on your proxy:
def handle_kms_request(request):
log_request(request)
if request.source_arn not in ALLOWED_ARNS:
alert("Unauthorized source")
return DENY
if get_request_rate() > THRESHOLD:
alert("Unusual request volume")
return DENY
if not is_business_hours():
alert("Off-hours access attempt")
return forward_to_hsm(request)What I Learned
- Marketing vs Architecture β βSovereigntyβ features protect key material but may not protect against key usage under legal compulsion
- Trust Boundaries β Always map the full control flow, not just the data flow
- Defense in Depth β XKS is valuable but not sufficient alone for true sovereignty
- Documentation Gaps β Vendor documentation often emphasizes what IS protected without clarifying what ISNβT
- Economic Deterrence β Business incentives can be as powerful as technical controls
- Jurisdictional Engineering β The European Sovereign Cloud shows how infrastructure investment can create legal separation
My Take
The landscape has shifted. When I first analyzed this topic, the European Sovereign Cloud was still βin the works.β Now itβs GA, and it materially changes the risk calculus.
For European organizations with sovereignty requirements, the European Sovereign Cloud is now the default choice. The combination of EU legal entity, EU-only operators, independent oversight, and no non-EU dependencies addresses most practical concerns. Add XKS for defense in depth.
The business deterrent is underappreciated. Legal frameworks describe theoretical powers, but economic reality constrains their use. AWS complying with secret decryption orders for European enterprise customers would be business suicideββ¬100B+ in annual revenue at risk. This doesnβt make the risk zero, but it makes it extremely low.
Client-side encryption remains the gold standard for organizations that genuinely cannot accept any residual risk. But for most regulated European workloads, European Sovereign Cloud + XKS is now the pragmatic sweet spot.
The uncomfortable truth remains: Perfect sovereignty and cloud convenience are fundamentally at odds. But the gap has narrowed significantly. The European Sovereign Cloud isnβt just marketingβitβs β¬7.8B of infrastructure specifically designed to create jurisdictional separation.
My practical advice:
- Classify your data honestly β Not everything is βsecretβ
- Default to European Sovereign Cloud for regulated EU workloads
- Add XKS for crown jewels β Defense in depth
- Monitor aggressively β Detection > Prevention for most threats
- Document your risk acceptance β Make it a conscious business decision
Do It Yourself
Key Takeaways
- XKS protects key material, not key usage β your keys cannot be extracted, but AWS infrastructure can still invoke them under legal compulsion. The European Sovereign Cloud mitigates this by placing the control plane under EU jurisdiction.
- Economic deterrence is powerful but not absolute β AWS has β¬100B+ reasons to resist secret decryption orders, but business incentives arenβt legal guarantees. For truly sensitive data, assume the worst case.
- Data classification drives architecture β not everything needs maximum sovereignty. Public/internal data can use standard KMS. Confidential EU data fits the European Sovereign Cloud. Crown jewels need client-side encryption or European Sovereign Cloud + XKS.
Try It Now
- Map your data classification β categorize workloads into public, internal, confidential, secret. Use the recommendation matrix in this post to match each tier to an encryption approach.
- Set up XKS with monitoring β deploy an XKS Proxy with request logging, allowlist validation, and rate limiting. Reference implementation: AWS XKS Proxy samples
- Evaluate European Sovereign Cloud β if you have EU sovereignty requirements, check service availability for your workloads: AWS European Sovereign Cloud
- Implement client-side encryption for crown jewels β use the AWS Encryption SDK for application-layer encryption before data touches AWS. Tutorial: Client-side encryption with AWS Encryption SDK
- Test CloudHSM for on-premises key control β if you need a middle ground between KMS and full client-side, CloudHSM gives you dedicated hardware in AWS regions with FIPS 140-2 Level 3 validation. CloudHSM getting started guide
Updated February 2026 to reflect AWS European Sovereign Cloud general availability (January 14, 2026).
Never miss a post
Get notified when I publish new articles about AI, Cloud, and AWS.
No spam, unsubscribe anytime.
Comments
Sign in to leave a comment
Related Posts
Cloud Sovereignty for the Board β A 3-Tier Architecture That Maps Data Sensitivity to Control Level
Your board asks 'is our data safe in the cloud?' The answer is not yes or no β it is a classification decision that maps each workload to the right control tier. Here is the framework, with the metadata exposure gap most teams miss.
When Your Keys Get Locked In: Navigating AWS KMS Import Limitations
AWS KMS doesn't allow key material export by design. When an external PKI partner generates keys but doesn't retain them, you're stuck. Here are the four AWS alternatives β CloudHSM, XKS, Private CA, and fixing the process β with a decision framework to pick the right one.
Your Security Team Wants to Privatize Your App β Here's What They Actually Need
When your security team says 'make it private', they usually mean 'make it secure.' This post compares four approaches β VPC privatization, WAF IP allowlisting, CloudFront + auth hardening, and AWS Verified Access β and explains why Zero Trust beats network perimeters for internal applications.