Create, Manage, and Control Cryptographic Keys using AWS KMS

This course has been created to give you an understanding of the AWS Key Management Service, allowing you to protect your sensitive data through encryption methods.

Learning Objectives:

• Understand the basics of encryption
• Learn what the AWS KMS service has been designed to help you with
• Understand the different core components and features of KMS, including:
  • AWS KMS Keys
  • Customer keys, AWS Managed Keys, and AWS Owned keys
  • HMAC Keys
  • Data Keys
  • Data Key Pairs
  • Key Material
  • Key Rotation
  • Key Policies
  • Grants
• Understand how you can use Key Policies, IAM policies, and Grants to control access to KMS keys
• Learn how to create a new KMS Key and edit key policies.
• Learn how a user can delegate temporary permissions to another principal using grants
• How to enable a KMS key
• How to encrypt data using a Python AWS Lambda function
• How to create a grant for a KMS key using the AWS CLI
• Understand the benefits of SSE-KMS and when to use it
• Create customer-managed customer master keys (CMKs) in AWS Key Management Service (KMS)
• Use SSE-KMS encryption of objects at rest in S3 buckets
• Enforce that all objects in an S3 bucket are encrypted using SSE-KMS and if desired, requiring a specific Key for the encryption
• Learn how to generate random data suitable for use with AWS KMS
• Learn how to import your key material into AWS KMS
• Create and attach an EBS volume encrypted with your AWS KMS key

Prerequisites:

As a perquisite to taking this learning path, you may find it beneficial in having some familiarity with the fundamentals of AWS and some of its core services.

Feedback:

If you have any feedback on this learning path, positive or negative, please send an e-mail to support@cloudacademy.com