learning pathCreate, Manage, and Control Cryptographic Keys using AWS KMS
6 hours
Build hands-on tech skillsImprove theoretical and practical skills needed in real-world scenarios.
Stay focused, stay committedSupercharge your learning journey by enrolling, empowering you to stay focused, motivated, and achieve your goals with ease.
Earn a certificate of completionShow your skills and build your credibility when you include them in your resume and LinkedIn profile.

Training content


This course has been created to give you an understanding of the AWS Key Management Service, allowing you to protect your sensitive data through encryption methods.

Learning Objectives:

  • Understand the basics of encryption
  • Learn what the AWS KMS service has been designed to help you with
  • Understand the different core components and features of KMS, including:
    • AWS KMS Keys
    • Customer keys, AWS Managed Keys, and AWS Owned keys
    • HMAC Keys
    • Data Keys
    • Data Key Pairs
    • Key Material
    • Key Rotation
    • Key Policies
    • Grants
  • Understand how you can use Key Policies, IAM policies, and Grants to control access to KMS keys
  • Learn how to create a new KMS Key and edit key policies.
  • Learn how a user can delegate temporary permissions to another principal using grants
  • How to enable a KMS key
  • How to encrypt data using a Python AWS Lambda function
  • How to create a grant for a KMS key using the AWS CLI
  • Understand the benefits of SSE-KMS and when to use it
  • Create customer-managed customer master keys (CMKs) in AWS Key Management Service (KMS)
  • Use SSE-KMS encryption of objects at rest in S3 buckets
  • Enforce that all objects in an S3 bucket are encrypted using SSE-KMS and if desired, requiring a specific Key for the encryption
  • Learn how to generate random data suitable for use with AWS KMS
  • Learn how to import your key material into AWS KMS
  • Create and attach an EBS volume encrypted with your AWS KMS key


As a perquisite to taking this learning path, you may find it beneficial in having some familiarity with the fundamentals of AWS and some of its core services.


If you have any feedback on this learning path, positive or negative, please send an e-mail to

Your certificate for this learning path
Stuart Scott
AWS Content Director
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.