Server-Side Encryption with KMS Managed Keys (SSE-KMS)

Overview
Difficulty
Beginner
Duration
1h 3m
Description

This course provides detail on the AWS Storage services relevant to the Developer - Associate exam.

Learning Objectives

  • An overview of Amazon S3
  • An understanding of storage classes
  • S3 versioning
  • Server-access logging
  • Object-level logging
  • Transfer Acceleration
  • Implementing access control policies
  • Cross-Origin Resource Sharing (CORS)
  • Encryption mechanisms, including:
    • SSE-S3
    • SSE-KMS
    • SSE-C
    • CSE-KMS
    • CSE-C
Transcript

Server-Side Encryption with KMS managed keys, SSE-KMS.

The encryption process is as follows. Firstly, a client uploads object data to S3. S3 then requests data keys from a KMS CMK. Using the specified CMK, KMS generates two data keys: a plaintext data key and an encrypted version of the same data key. These two keys are then sent back to S3. S3 then combines the object data and the plaintext data key to perform the encryption. This creates an encrypted version of the object data, which is then stored on S3 along with the encrypted data key. The plaintext data key is then removed from memory.

The decryption process is as follows. A request is made by the client to S3 to retrieve the object data. S3 sends the associated encrypted data key of the object data to KMS. KMS then uses the correct CMK with the encrypted data key to decrypt it and produce a plaintext data key. This plaintext data key is then sent back to S3. The plaintext data key is then combined with the encrypted object data to decrypt it. This decrypted object data is then sent back to the client.
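The envelope-encryption round trip described above, as an added example that is not Cloud Academy's or AWS's code: a FakeKms class stands in for KMS (its GenerateDataKey and Decrypt operations), and a toy HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag stands in for AES-256 so the script runs offline with only the standard library. The names FakeKms, s3_put and s3_get are assumptions for illustration; note that the CMK never leaves the KMS object and the plaintext data key is never stored.

```python
import hmac, hashlib, secrets

def _keystream(key, nonce, n):
    # counter-mode keystream from HMAC-SHA256 (toy stand-in for AES, not for production)
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(blocks))[:n]

def _subkeys(key):
    # derive separate encryption and MAC keys from one data key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(), hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, data):
    # encrypt-then-MAC: output is nonce || ciphertext || tag
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(ek, nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

class FakeKms:
    # Hypothetical stand-in for AWS KMS: CMK material never leaves this object.
    def __init__(self):
        self._cmks = {}
    def create_key(self):
        key_id = "cmk-" + secrets.token_hex(4)
        self._cmks[key_id] = secrets.token_bytes(32)
        return key_id
    def generate_data_key(self, key_id):
        # returns (plaintext data key, the same key encrypted under the CMK)
        dk = secrets.token_bytes(32)
        return dk, seal(self._cmks[key_id], dk)
    def decrypt(self, key_id, encrypted_data_key):
        return unseal(self._cmks[key_id], encrypted_data_key)

def s3_put(kms, key_id, data):
    # upload path: S3 asks KMS for a data key, encrypts, stores ciphertext + wrapped key
    dk, wrapped = kms.generate_data_key(key_id)
    obj = {"key_id": key_id, "ciphertext": seal(dk, data), "encrypted_data_key": wrapped}
    del dk  # plaintext data key is discarded; only the wrapped copy is stored
    return obj

def s3_get(kms, obj):
    # download path: KMS unwraps the stored data key, then S3 decrypts the object
    return unseal(kms.decrypt(obj["key_id"], obj["encrypted_data_key"]), obj["ciphertext"])
```

Because the stored object holds only the wrapped data key, revoking or disabling the CMK in KMS makes every object encrypted under it unreadable, which is the control SSE-KMS adds over SSE-S3.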

About the Author
Stuart Scott
AWS Content Director

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.