AWS Key Management Service (KMS) is a service that allows you to create and manage cryptographic keys in the public AWS cloud. Using these keys you can secure your data by encrypting it when it's stored and decrypting it on demand.
Learning how to securely manage access to AWS KMS keys is an important part of building secure well-architected systems using AWS. By learning about the options available, you will be more confident about the security posture of your data.
In this hands-on lab, you will see how to use key policies and grants to control access to a KMS key.
Learning objectives
Upon completion of this beginner-level lab, you will be able to:
- Enable a KMS key
- Encrypt data using a Python AWS Lambda function
- Create a grant for a KMS key using the AWS CLI
Intended audiences
- Candidates for the AWS Certified DevOps Engineer Professional certification
- Cloud Architects
- Data Engineers
- DevOps Engineers
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS Key Management Service (KMS)
- AWS Lambda
- AWS Identity and Access Management (IAM)
- The Python scripting language
The following content can be used to fulfill the prerequisites:
Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.
He holds multiple AWS certifications including Solutions Architect Associate and Professional.