hands-on lab

Creating, Importing, and Using Your Own Customer Master Key

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

AWS Key Management Service (KMS) is an offering from Amazon that allows you to create, store, and manage cryptographic keys. AWS KMS integrates with other AWS services and makes it easy to build secure cloud solutions in AWS.

Generating a secure cryptographic key involves supplying random data commonly referred to as key material. Being able to use AWS KMS to create a key that uses your own key material means that you have full control over the key generation process and enables compliance with strict key generation requirements.

In this hands-on lab, you will create a new key in AWS KMS, generate your own key material, and import your key material into AWS KMS.

Learning Objectives

Upon completion of this beginner level lab, you will be able to:

  • Create a new key in AWS KMS
  • Generate random data suitable for use with AWS KMS
  • Import your key material into AWS KMS
  • Create and attach an EBS volume encrypted with your AWS KMS key

Intended Audience

  • Candidates for AWS certification
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS Key Management Service (KMS)
  • The Bash shell
  • Amazon Elastic Compute Cloud (EC2)
  • Elastic Block Store (EBS)

The following courses can be used to fulfill the prerequisite:


February 4th, 2022 - Added validation checks

Environment before

Environment after

About the author
Learning paths

Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Covered topics
Lab steps
Logging In to the Amazon Web Services Console
Creating Your Own Customer Master Key
Generating Your Own Key Material
Importing and Using Your Customer Master Key