Customer-managed CMKs are CMKs that you create, own and manage. You have full control over these CMKs, including establishing and maintaining their key policies, IAM policies and grants, enabling and disabling them, rotating their cryptographic material, adding tags, adding aliases that refer to the CMK, and scheduling the CMK deletion.