How to use KMS Key encryption to protect your data

Introduction

The course is part of these learning paths

  • Solutions Architect – Professional Certification Preparation for AWS
  • SysOps Administrator – Associate Certification Preparation for AWS
  • Certified Developer – Associate Certification Preparation for AWS
  • Security - Specialty Certification Preparation for AWS
  • AWS Security Services
  • AWS Access & Key Management Security

Difficulty: Intermediate
Duration: 1h 11m
Students: 2959
Rating: 4.8/5

Description

Course Description

Unencrypted data can be read by anyone who has access to it. Such data, whether stored at rest or sent between two locations in transit, is known as ‘plaintext’ or ‘cleartext’ data. The data is plain to see and can be understood by any recipient. There is no problem with this as long as the data is not sensitive in any way and doesn’t need to be restricted.

However, if you have data that is sensitive and you need to ensure that its contents are only viewable by a particular recipient, or recipients, then you need to add a level of encryption to that data.

But what is data encryption?
 
This course answers that question by first explaining at a high level what symmetric and asymmetric encryption are, before diving into how the Key Management Service (KMS) can help you achieve the required level of encryption of your data across different services.

You will understand why KMS is key to your data security strategy within your organization and how you can use this service to manage data encryption through a series of different encryption keys, either KMS-generated or your own existing on-premises keys.

Learning Objectives

By the end of this course series you will be able to:

  • Define how the Key encryption process works
  • Explain the differences between the different key types  
  • Create and modify Key policies
  • Understand how to rotate, delete and reinstate keys
  • Define how to import your own Key material

Intended Audience

As this course focuses on data encryption, it’s ideally suited to those in the following roles:

  • Cloud Administrators
  • Cloud Support & Operations
  • Cloud Security Architects
  • Cloud Security Engineers

Prerequisites

To gain the most from this course you should have a basic understanding and awareness of the following:

  • AWS CloudTrail
  • AWS IAM (Understanding of policies)

This course includes

6 lectures

4 demonstrations

Feedback

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

About the Author


Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 50+ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.

Transcript

Hello and welcome to this course focused entirely on how AWS KMS, the Key Management Service, can be used to encrypt your data within AWS. You will learn the basic concepts of the service through to how to manage more complex components such as configuring Key policies. 

Before we start, I would like to introduce myself. My name is Stuart Scott. I'm one of the trainers here at Cloud Academy specializing in AWS, Amazon Web Services. Feel free to connect with me with any questions using the details shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an email to support@cloudacademy.com, where one of our Cloud Experts will reply to your question. 

As this course focuses on data encryption, it's ideally suited to those in the following roles: Cloud Security Engineers, Cloud Security Architects, Cloud Administrators, and Cloud Support and Operations. The KMS service is also heavily featured within the AWS Specialty Certification, so this could be advantageous to those who are studying for this certification. 

The course consists of a number of theory lectures and practical demonstrations. As a result, the course is compiled as follows: 

  • What is KMS? This lecture provides a high-level overview of encryption itself before explaining what the KMS service is, and what it is used for. 
  • Key Components of KMS. To understand how KMS works, you need to be aware of the different components that make up the service, and this lecture explains each element. 
  • Understanding Permissions and Key Policies. KMS is a powerful service, and so understanding how to control access is critical. This lecture focuses on how to grant access to specific keys. 
  • Key Management. This lecture looks at some of the security best practices in understanding how to maintain your Key infrastructure. 
  • And the Course Summary. This final lecture provides a high-level summary of the key points taken from each of the previous lectures. 

By the end of this course, you will be able to define how the Key encryption process works, explain the differences between the different key types, create and modify Key policies, understand how to rotate, delete, and reinstate keys, and define how to import your own Key material. 

To gain the most from this course, you should have a basic understanding and awareness of the following: AWS CloudTrail and AWS IAM, specifically relating to the understanding of policies. 

Throughout this course, I will reference a number of URL links which will help and direct you to related information on specific topics. To make these links easily accessible to you, I have included them at the top of the Transcripts section within the lecture in which they are referenced. 

Feedback on our courses here at Cloud Academy is valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com. 

That brings me to the end of this lecture. Coming up next, I will introduce the KMS service by looking at it from a fundamental level and answering the question of: What exactly is KMS?