AWS Encryption for Data Analytics

The use of Big Data is becoming commonplace within many organizations that are using Big Data solutions to perform large scale queried data analysis with business intelligence toolsets to gain a deeper understanding of data gathered.

Within AWS, this data can be stored, distributed and consumed by various different services, many of which can provide features ideal for Big Data analysis. Typically, these huge data sets often include sensitive information, such as customer details or financial information.

With this in mind, security surrounding this data is of utmost importance, and where sensitive information exists, encryption should be applied against the data.

This course firstly provides an explanation of data encryption and the differences between symmetric and asymmetric cryptography. This provides a good introduction before understanding how AWS implements different encryption mechanisms for many of the services that can be used for Big Data. These services include:

  • Amazon S3
  • Amazon Athena
  • Amazon Elastic MapReduce (EMR)
  • Amazon Relational Database Service (RDS)
  • Amazon Kinesis Firehose
  • Amazon Kinesis Streams
  • Amazon Redshift

The course covers encryptions options for data when it is at both at-rest and in-transit and contains for the following lectures:

  • Introduction: This lecture introduces the course objectives, topics covered and the instructor
  • Overview of Encryption: This lecture explains data encryption and when and why you may need to implement data encryption
  • Amazon S3 and Amazon Athena Encryption: This lecture dives into the different encryption mechanisms of S3, from both a server-side and client-side perspective. It also looks at how Amazon Athena can analyze data sets stored on S3 with encryption
  • Elastic MapReduce (EMR) Encryption: This lecture focuses on the different methods of encryption when utilizing EMR in conjunction such as EBS and S3. It also looks at application-specific options with Hadoop, Presto, Tez, and Spark
  • Relational Database Service (RDS) Encryption: This lecture looks at the encryption within RDS, focusing on its built-in encryption plus Oracle and SQL Server Transparent Data Encryption (TDE) encryption
  • Amazon Kinesis Encryption: This lecture looks at both Kinesis Firehose and Kinesis Streams and analyses the encryption of both services.
  • Amazon Redshift Encryption: This lecture explains the 4 tiered encryption structure when working with Redshift and KMS. It also explains how to encrypt when working with CloudHSM with Redshift.
  • Summary: This lecture highlights the key points from the previous lectures

Resources mentioned throughout this course

Cloud Academy Courses:

AWS Resources:



Hello, and welcome to this course. I shall be looking at the different encryption mechanisms that can be utilized across a range of AWS services, that are commonly used for big data solutions, thereby enhancing security around the protection of your data. Before we start, I would like to introduce myself.

My name is Stuart Scott. I'm one of the trainers here at Cloud Academy, and I specialize in AWS, Amazon Web Services. Feel free to connect with me with any questions using the detail shared on the screen. Alternatively, you can always get in touch with us here at Cloud Academy using the community forum where one of our Cloud experts will reply to your question.

This course has been designed for those who are responsible for implementing and managing security, architecting big data solutions, and anyone wanting to learn more about the encryption options available across different AWS services. This course will cover the following topics regarding services that can be used for big data encryption.

Starting with an overview of encryption, this lecture explains what encryption is, the difference between symmetric and asymmetric encryption options, and why you may want to implement encryption in the first place.

Then, I will talk about some of the encryption options for big data storage services, including S3 and Amazon Athena, and how it works with S3 encryption.

Then Elastic MapReduce, followed by RDS. Following these lectures, I will then look at encryption for the Amazon Kinesis platform, which will include Kinesis Firehose, and Kinesis Streams. Finally, I will then look at encryption mechanisms for big data warehousing, where I shall be focusing on Amazon Redshift.

At the very end of the course, there will be a summary lecture highlighting the main points taken from each of the previous lectures within the course. Almost like a cram session.

This course will provide you with an overview of what encryption is, and the differences between symmetric and asymmetric cryptography.
You will also gain the knowledge and understanding of available encryption mechanisms that can be used with big data solutions running on the following AWS services; S3, Athena, EMR, RDS, Kinesis Firehose, Kinesis Streams, and Redshift. As I have already mentioned, this course will be based on a number of different AWS services, and so it would be beneficial to have a basic understanding and awareness of each.

It is also recommended that you have an understanding of the Key Management Service, KMS, as this will be referenced throughout the course. If you are unfamiliar with KMS, then we do have an existing course that focuses on the service, which can be found here. Feedback on our courses here at Cloud Academy are valuable to both us as trainers, and any students looking to take the same course in the future.

If you have any feedback, positive or negative, it would be greatly appreciated if you could use the comment section found at the landing page of this course. That now brings us to the end of this lecture. Coming up next, we're going to start off by looking at an overview of encryption.

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.