CloudAcademy
  1. Home
  2. Content Library
  3. Amazon Web Services
  4. Courses
  5. How to use KMS Key encryption to protect your data

Introduction

The course is part of these learning paths

Security - Specialty Certification Preparation for AWS

course-steps 22 certification 1 lab-steps 11

Solutions Architect – Associate Certification Preparation for AWS - Feb 2018

course-steps 28 certification 6 lab-steps 23

AWS Security Services

course-steps 9 certification 1 lab-steps 4 quiz-steps 5

AWS Access & Key Management Security

course-steps 6 certification 1 lab-steps 2 quiz-steps 3

DevOps Engineer – Professional Certification Preparation for AWS

course-steps 16 certification 1 lab-steps 10 quiz-steps 2

Contents

keyboard_tab
Introduction
1
Introduction3m 17s
Key Management Service (KMS)
2
What is KMS?8m 35s
3
Components of KMS11m 6s
4
Understanding Permissions & Key Policies24m 6s
5
Key Management14m 13s
Summary
6
Course Summary9m 43s
play-arrow
Start course
Overview
Transcript
DifficultyIntermediate
Duration1h 11m
Students940

Description

Course Description

Unencrypted data can be read and seen by anyone who has access to it, and data stored at-rest or sent between two locations, in-transit, is known as ‘plaintext’ or ‘cleartext’ data.  The data is plain to see and can be seen and understood by any recipient. There is no problem with this as long as the data is not sensitive in any way and doesn’t need to be restricted.   

However, on the other hand, If you have data that IS sensitive and you need to ensure that the contents of that data is only viewable by a particular recipient, or recipients, then you need to add a level of encryption to that data.  

But what is data encryption?
 
This course answers that question by first explaining at a high level what symmetric and assymetric encryption is, before diving into how the Key Management Service (KMS) can help you achieve the required level of encryption of your data across different services.
 
You will undersand why KMS is key to your data security strategy within your organization and how you can use this service to manage data encryption through a series of different encryption keys, either KMS generated or by using your own existing on-premise keys.

Learning Objectives

By the end of this course series you will be able to:

  • Define how the Key encryption process works
  • Explain the differences between the different key types  
  • Create and modify Key policies
  • Understand how to rotate, delete and reinstate keys
  • Define how to import your own Key material

Intended Audience

As this course focuses on data encryption, it’s ideally suited to those in the following roles:

  • Cloud Administrators
  • Cloud Support & Operations
  • Cloud Security Architects
  • Cloud Security Engineers

Prerequisites

To gain the most from this course you should have a basic understanding and awareness of the following:

  • AWS CloudTrail
  • AWS IAM (Understanding of policies)

This course includes

6 lectures

4 demonstrations

Feedback

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

About the Author

Students35498
Labs1
Courses39
Learning paths13

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to more recently cloud architecture and implementation.

He is a Certified Data Centre Design Professional (CDCDP), with his latest achievements gained within the Amazon Web Services (AWS) field.

He currently holds the AWS Certified Solutions Architect - Associate certification as well as accreditations as an AWS Business and Technology Professional and in TCO and Cloud Economics.

In January 2016 Stuart was awarded 'Expert of the Year Award 2015' from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.