Manage Your Own Encryption Keys Using AWS CloudHSM
Introduction to CloudHSM
Difficulty: Intermediate
Duration: 33m
Description

HSM stands for Hardware Security Module, but what is a hardware security module? It’s a physical tamper-resistant hardware appliance that is used to protect and safeguard cryptographic material and encryption keys.

The AWS CloudHSM service provides HSMs that are validated to Federal Information Processing Standards (FIPS) 140-2 Level 3, which is often required if you are going to be using your CloudHSM for document signing or if you intend to operate a public certificate authority for SSL certificates.

Learning Objectives

The objectives of this course are to explain:

  • What AWS CloudHSM is and does
  • The architecture of CloudHSM and its implementation
  • Access Control of your HSM Cluster
  • How to use CloudHSM as a custom key store in KMS, the Key Management Service
  • Monitoring and Logging

Intended Audience

This course is intended for anyone who is:

  • Responsible for protecting data stored within AWS
  • Looking to utilize a managed service to help perform cryptographic operations
  • Preparing for an AWS certification that requires you to have knowledge of securing data

Prerequisites

To get the most out of this course, you should have a basic awareness of the fundamentals of AWS and some of its core services, such as VPC architecture. Some basic cryptography knowledge would also be beneficial, but not essential.

 

Transcript

Hello, and welcome to this course that will be focused on AWS CloudHSM, which is a security service offered by AWS that allows you to generate and use your own encryption keys to protect your data through encryption.

Before we start, I’d like to introduce myself. My name is Stuart Scott, and I am the AWS content and security lead here at Cloud Academy. Feel free to connect with me to ask any questions using the details shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an e-mail to support@cloudacademy.com, where one of our Cloud experts will reply to your question.

This course has been designed for those who are responsible for protecting data stored within AWS. If you are looking to utilise a managed service to help you perform cryptographic operations, then this course can help you understand how to manage those controls. Also, if you are preparing for an AWS certification that requires you to have knowledge of securing data, having knowledge of CloudHSM will help.

The objectives of this course are to explain what AWS CloudHSM is and does, the architecture of CloudHSM and its implementation, Access Control of your HSM Cluster, how to use CloudHSM as a custom key store in KMS, the Key Management Service, and Monitoring and Logging.

As a prerequisite to this course, it would be beneficial to have a basic awareness of the fundamentals of AWS and some of its core services, such as VPC architecture, in addition to some basic cryptography knowledge, but this is not essential.

Feedback on our courses here at Cloud Academy is valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com.

Please note that, at the time of writing this content, all course information was accurate.  AWS implements hundreds of updates every month as part of its ongoing drive to innovate and enhance its services.

As a result, minor discrepancies may appear in the course content over time.  Here at Cloud Academy, we strive to keep our content up to date in order to provide the best training available. 

So, if you notice any information that is outdated, please contact support@cloudacademy.com.  This will allow us to update the course during its next release cycle.

Thank you!

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016, Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for sharing his knowledge of cloud services with the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.