This course has been created to give you an understanding of the AWS Key Management Service, allowing you to protect your sensitive data through encryption methods.

Learning Objectives:

• Understand the basics of encryption
• Learn what the AWS KMS service has been designed to help you with
• Understand the different core components and features of KMS, including:
  • AWS KMS Keys
  • Customer keys, AWS Managed Keys, and AWS Owned keys
  • HMAC Keys
  • Data Keys
  • Data Key Pairs
  • Key Material
  • Key Rotation
  • Key Policies
  • Grants
• Understand how you can use Key Policies, IAM policies, and Grants to control access to KMS keys
• Learn how to create a new KMS Key and edit key policies.
• Learn how a user can delegate temporary permissions to another principal using grants
• How to enable a KMS key
• How to encrypt data using a Python AWS Lambda function
• How to create a grant for a KMS key using the AWS CLI
• Understand the benefits of SSE-KMS and when to use it
• Create customer-managed customer master keys (CMKs) in AWS Key Management Service (KMS)
• Use SSE-KMS encryption of objects at rest in S3 buckets
• Enforce that all objects in an S3 bucket are encrypted using SSE-KMS and if desired, requiring a specific Key for the encryption
• Learn how to generate random data suitable for use with AWS KMS
• Learn how to import your key material into AWS KMS
• Create and attach an EBS volume encrypted with your AWS KMS key

Prerequisites:

As a perquisite to taking this learning path, you may find it beneficial in having some familiarity with the fundamentals of AWS and some of its core services.

Feedback:

If you have any feedback on this learning path, positive or negative, please send an e-mail to support@cloudacademy.com