diff --git a/tests/files/aws/init-kms.sh b/tests/files/aws/init-kms.sh
new file mode 100644
index 00000000..daae9150
--- /dev/null
+++ b/tests/files/aws/init-kms.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+awslocal kms create-key \
+ --key-spec RSA_4096 \
+ --key-usage SIGN_VERIFY
+
+awslocal kms create-alias \
+ --alias-name alias/aws-test-key \
+ --target-key-id $(awslocal kms list-keys --query "Keys[0].KeyId" --output text)
\ No newline at end of file
diff --git a/tests/unit/tuf_repository_service_worker/test_signer.py b/tests/unit/tuf_repository_service_worker/test_signer.py
index d631b015..036f2286 100644
--- a/tests/unit/tuf_repository_service_worker/test_signer.py
+++ b/tests/unit/tuf_repository_service_worker/test_signer.py
@@ -2,11 +2,12 @@
 #
 # SPDX-License-Identifier: MIT
 
+import os
 from pathlib import Path
 
 import pytest
 from pretend import stub
-from securesystemslib.signer import CryptoSigner, Key
+from securesystemslib.signer import AWSSigner, CryptoSigner, Key
 
 from repository_service_tuf_worker.interfaces import IKeyVault
 from repository_service_tuf_worker.signer import (
@@ -87,3 +88,22 @@ def test_get_from_file_uri(self):
         signer = store.get(key)
 
         assert isinstance(signer, CryptoSigner)
+
+    @pytest.mark.skipif(
+        not os.environ.get("AWS_ENDPOINT_URL"), reason="No AWS endpoint"
+    )
+    def test_get_from_aws(self):
+        # Import test public key of given key type and keyid alias from AWS KMS
+        # - see tests/files/aws/init-kms.sh for how such a key is created
+        # - see tox.ini for how credentials etc. are passed via env vars
+        scheme = "rsassa-pss-sha256"
+        aws_keyid = "alias/aws-test-key"
+        uri, key = AWSSigner.import_(aws_keyid, scheme)
+
+        key.unrecognized_fields[RSTUF_ONLINE_KEY_URI_FIELD] = uri
+
+        # Load signer from AWS KMS
+        fake_settings = stub()
+        store = SignerStore(fake_settings)
+        signer = store.get(key)
+        assert isinstance(signer, AWSSigner)
diff --git a/tox.ini b/tox.ini
index 0c1581a4..f3c81903 100644
--- a/tox.ini
+++ b/tox.ini
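Review bot: `--target-key-id $(awslocal kms list-keys --query "Keys[0].KeyId" --output text)` aliases whichever key KMS lists first, not the key created two commands earlier, so on a LocalStack instance that already holds a key (an interrupted previous run, or a detached instance that was never stopped) the alias can end up on a key with a different spec or usage and the signer test then fails for an unrelated reason. Capturing the id from the `create-key` response with `--query KeyMetadata.KeyId` removes the dependency on list order. The script also has no `set -euo pipefail`, so a failed `create-key` does not stop `create-alias` from running, and the unquoted command substitution is subject to word splitting.
```shell
#!/usr/bin/env bash
set -euo pipefail

KEY_ID=$(awslocal kms create-key \
    --key-spec RSA_4096 \
    --key-usage SIGN_VERIFY \
    --query KeyMetadata.KeyId --output text)

awslocal kms create-alias \
    --alias-name alias/aws-test-key \
    --target-key-id "$KEY_ID"
```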
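Review bot: `test_get_from_aws` only checks the type of the object returned by `store.get(key)`; it never exercises the KMS round trip, so a signer built with a wrong region, keyid or scheme would still pass. Closing the test with `sig = signer.sign(b"data")` and `key.verify_signature(sig, b"data")` pins that the store produced a signer that really matches the public key imported via `AWSSigner.import_`. The `skipif` keys only on `AWS_ENDPOINT_URL`, while the body also depends on `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_DEFAULT_REGION` (tox.ini sets them together), so a partially configured environment errors inside `AWSSigner.import_` instead of skipping; a comment stating that dependency next to the marker would help. The enclosing test class and the `from repository_service_tuf_worker.signer import (` that presumably provides `SignerStore` and `RSTUF_ONLINE_KEY_URI_FIELD` lie outside the hunk.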
@@ -64,3 +64,34 @@ commands =
 python =
 3.10: py310,pep8,lint,requirements,test
 3.11: py311,pep8,lint,requirements,test
+
+[testenv:local-aws-kms]
+deps =
+ -r{toxinidir}/requirements-dev.txt
+ localstack
+
+allowlist_externals =
+ localstack
+ bash
+
+setenv =
+ DATA_DIR = ./data-test
+ AWS_ACCESS_KEY_ID = test
+ AWS_SECRET_ACCESS_KEY = test
+ AWS_ENDPOINT_URL = http://localhost:4566/
+ AWS_DEFAULT_REGION = us-east-1
+
+commands_pre =
+ # Start virtual AWS KMS
+ localstack start --detached
+ localstack wait
+
+ # Create signing key
+ bash {toxinidir}/tests/files/aws/init-kms.sh
+
+commands =
+ python3 -m pytest tests/unit/tuf_repository_service_worker/test_signer.py -k test_get_from_aws
+
+commands_post =
+ # Stop virtual AWS KMS
+ localstack stop
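Review bot: `bash {toxinidir}/tests/files/aws/init-kms.sh` in `commands_pre` relies on `awslocal`, which as far as I know is provided by the separate `awscli-local` package rather than by `localstack`, so the env's `deps` list does not guarantee the fixture script can run; adding `awscli-local` under `deps` would make the env self-contained. `localstack start --detached` also reuses an instance left running by an interrupted earlier run, together with any key it already holds, which matters because the fixture script aliases the first listed key rather than the one it just created; a short comment on that line would save the next person a confusing failure. The values under `setenv` are LocalStack dummy credentials, and a comment such as `# dummy credentials accepted by LocalStack, not real AWS keys` would make that explicit to readers.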