AWS Key Management Service (AWS KMS) lets you create KMS keys that can be used to generate and verify Hash-Based Message Authentication Codes (HMACs). HMACs are a powerful cryptographic building block that incorporates secret key material within a hash function to create a unique keyed message authentication code. HMAC KMS keys can only be generated and used within the FIPS 140-2 validated HSM security boundary in AWS KMS. This architecture can minimize the risk of these secret keys being compromised, in contrast to using plaintext HMAC keys in local application software.
Source: Amazon AWS
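The call pattern this implies for an application, as an added example that is not AWS's own code: the caller hands KMS a message and gets back a tag or a verdict, and never holds the key bytes. `generate_mac`, `verify_mac` and `KMSInvalidMacException` are the boto3 KMS client names; `StandInKms`, `create_hmac_key` and the key alias are hypothetical, constructed so the block runs offline, and with real AWS you would pass `boto3.client("kms")` instead.

```python
import hashlib
import hmac
import os
from types import SimpleNamespace

MAC_ALGORITHM = "HMAC_SHA_256"  # pairs with a KMS key created with key spec HMAC_256

def kms_tag(kms, key_id: str, message: bytes) -> bytes:
    """Ask KMS to compute the HMAC; the caller never sees the key material."""
    resp = kms.generate_mac(KeyId=key_id, Message=message, MacAlgorithm=MAC_ALGORITHM)
    return resp["Mac"]

def kms_check(kms, key_id: str, message: bytes, tag: bytes) -> bool:
    """Verify inside KMS; a mismatch is reported as KMSInvalidMacException."""
    try:
        resp = kms.verify_mac(KeyId=key_id, Message=message,
                              MacAlgorithm=MAC_ALGORITHM, Mac=tag)
    except kms.exceptions.KMSInvalidMacException:
        return False
    return bool(resp["MacValid"])

class InvalidMac(Exception):
    """Stand-in for the client's KMSInvalidMacException."""

class StandInKms:
    """Constructed offline stand-in for boto3.client("kms"): same two calls,
    with the key kept private to this object as KMS keeps it inside the HSM."""
    exceptions = SimpleNamespace(KMSInvalidMacException=InvalidMac)

    def __init__(self):
        self._keys = {}

    def create_hmac_key(self, key_id):  # hypothetical helper, not a KMS API
        self._keys[key_id] = os.urandom(32)

    def generate_mac(self, KeyId, Message, MacAlgorithm):
        mac = hmac.new(self._keys[KeyId], Message, hashlib.sha256).digest()
        return {"Mac": mac, "MacAlgorithm": MacAlgorithm, "KeyId": KeyId}

    def verify_mac(self, KeyId, Message, MacAlgorithm, Mac):
        expected = self.generate_mac(KeyId, Message, MacAlgorithm)["Mac"]
        if not hmac.compare_digest(expected, Mac):
            raise InvalidMac("MAC mismatch")
        return {"MacValid": True, "MacAlgorithm": MacAlgorithm, "KeyId": KeyId}

def demo():
    kms = StandInKms()
    key_id = "alias/example-hmac"              # placeholder key alias
    kms.create_hmac_key(key_id)
    msg = b'{"user":"alice","role":"reader"}'  # constructed sample message
    tag = kms_tag(kms, key_id, msg)
    tampered = msg.replace(b"reader", b"admin")
    return len(tag), kms_check(kms, key_id, msg, tag), kms_check(kms, key_id, tampered, tag)
```

Because verification is also a KMS call, a service that only needs to check tags can be granted verify permission without generate permission, which a shared plaintext HMAC key cannot express.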