Creating, Importing, and Using Your Own Customer Master Key
Lab Steps
Ready for the real environment experience?
Description
AWS Key Management Service (KMS) is an offering from Amazon that allows you to create, store, and manage cryptographic keys. AWS KMS integrates with other AWS services and makes it easy to build secure cloud solutions in AWS.
Generating a secure cryptographic key involves supplying random data commonly referred to as key material. Being able to use AWS KMS to create a key that uses your own key material means that you have full control over the key generation process and enables compliance with strict key generation requirements.
In this hands-on lab, you will create a new key in AWS KMS, generate your own key material, and import your key material into AWS KMS.
Learning Objectives
Upon completion of this beginner level lab, you will be able to:
- Create a new key in AWS KMS
- Generate random data suitable for use with AWS KMS
- Import your key material into AWS KMS
- Create and attach an EBS volume encrypted with your AWS KMS key
Intended Audience
- Candidates for AWS certification
- Cloud Architects
- Data Engineers
- DevOps Engineers
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- AWS Key Management Service (KMS)
- The Bash shell
- Amazon Elastic Compute Cloud (EC2)
- Elastic Block Store (EBS)
The following courses can be used to fulfill the prerequisite:
- How to Use KMS Key Encryption to Protect Your Data
- Linux Command Line Byte Session
- Compute Fundamentals For AWS
- Storage Fundamentals for AWS
Updates
February 4th, 2022 - Added validation checks
Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.
He holds multiple AWS certifications including Solutions Architect Associate and Professional.