This section of the Solution Architect Associate learning path introduces you to the core encryption concepts and services relevant to the SAA-C03 exam. We overview the AWS encryption options and how to select and apply AWS encryption services to meet relevant situations and scenarios.
Want more? Try a lab playground or do a Lab Challenge!
Learning Objectives
- Learn the fundamentals of Amazon's Key Management Service (KMS), including permissions, key policies, and key management
- Learn how the AWS Secrets Manager is used to implement security best practices by protecting secrets such as database credentials and API keys
- Learn the fundamentals of CloudHSM, how it's implemented, and how to use it as a Custom Key Store in KMS
- Learn how to implement server-side and client-side encryption
Server-Side Encryption with S3 Managed Keys, SSE-S3. The encryption process is as follows. Firstly, a client uploads Object Data to S3. S3 then takes this Object Data and encrypts it with an S3 Plaintext Data Key. This creates an encrypted version of the Object Data, which is then saved and stored on S3. Next, the S3 Plaintext Data Key is encrypted with an S3 Master Key. Which creates an encrypted S3 Data Key. This encrypted Data Key is then also stored on S3 and the Plaintext Data Key is removed from memory. The decryption process is as follows. A request is made by the client to S3 to retrieve the Object Data. S3 takes the associated encrypted S3 Data Key off the Object Data and decrypts it with the S3 Master Key. The S3 Plaintext Data Key is then used to decrypt the object data. This object data is then sent back to the client.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.