image
Server-Side Encryption with Customer Provided keys (SSE-C)

Contents

AWS Storage
1
AWS Storage Services
PREVIEW3m 37s
Amazon S3 Introduction
2
Overview of Amazon S3
PREVIEW10m 49s
3
Storage Classes
PREVIEW12m 35s
Amazon EC2
24
EC2 Instance Storage
PREVIEW4m 9s
Amazon Elastic Block Store (EBS)
25
Overview of EBS
PREVIEW10m 8s
Introduction to Amazon EFS
26
What is the Amazon Elastic File System?
PREVIEW6m 1s
27
Storage Classes and Performance Options
PREVIEW6m 56s
EFS in Practice
28
Creating an EFS File System
14m 39s
29
Managing EFS Security
PREVIEW5m 7s
30
Importing Data
2m 53s

The course is part of this learning path

AWS SysOps Administrator - Associate (SOA-C02) Certification Preparation for AWS
8
8
29
1
Start course
Overview
Difficulty
Beginner
Duration
2h 34m
Students
1044
Ratings
4.8/5
starstarstarstarstar-half
Description

This section of the SysOps Administrator - Associate learning path introduces you to the core storage concepts and services relevant to the SOA-C02 exam. We start with an introduction to the AWS storage services, understand the options available, and learn how to select and apply AWS storage services to meet specific requirements. 

Learning Objectives

  • Obtain an in-depth understanding of Amazon S3 management and security features
  • Get both a theoretical and practical understanding of EFS
  • Learn how to create an EFS file system, manage EFS security, and import data in EFS
  • Learn about EC2 storage and Elastic Block Store
Transcript

Server-Side Encryption with Customer Provided Keys, SSE-C. The encryption process is as follows. Firstly, a client uploads Object Data and the Customer-provided Key to S3 for a HTTPS. It will only work with the HTTPS connection. Otherwise, S3 will reject it. S3 will then use the Customer-provided Key to encrypt the Object Data. S3 will also create a sorted HMAC value of the Customer-provided Key for future validation requests. The encrypted Object Data, along with the HMAC value of the Customer Key is then saved and stored on S3. The Customer-provided Key is then removed from memory. The decryption process is as follows. A request is made by the client via HTTPS connection to S3 to retrieve the Object Data. At the same time, the Customer-provided Key is also sent with the request. S3 uses the HMAC value of the same key to confirm it's validity of the requested object. The Customer-provided Key is then used to decrypt the encrypted Object Data. The Object Data is then sent back to the client.

About the Author
Avatar
Stuart Scott
AWS Content Director
Students
229443
Labs
1
Courses
216
Learning Paths
173

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.

Covered Topics

EncryptionSecurityStorageAmazon Web ServicesSecurity for AWSStorage for AWSAmazon Elastic Block Storage (EBS)Amazon Elastic File System (EFS)Amazon S3Amazon S3 Glacier