re:Invent: LAB008 - Using data encryption on AWS

AVG Duration: 3h


This learning path has been curated to give you the knowledge and understanding required to get the most from the following re:Invent session, so that you can follow the insights and discussions during the talk at a deeper level and are prepared to ask some great questions of the speaker(s)!

LAB008: Using data encryption on AWS - AWS offers numerous services that help protect data at rest and in transit. In this lab, explore a real-world situation and gain practical experience with multiple services. Learn about server-side encryption for Amazon S3, AWS KMS, the Amazon DynamoDB Encryption Client, and AWS CloudHSM. Optionally, use the AWS Encryption SDK to encrypt and decrypt data programmatically.

As you progress through this learning path you will be introduced to a number of different encryption services and features, including Amazon S3 encryption options, Amazon Key Management Service (KMS), Amazon DynamoDB encryption options, and AWS CloudHSM.

Learning Objectives:

Understand the following Amazon S3 encryption options

  • Server-Side Encryption with S3 Managed Keys (SSE-S3)
  • Server-Side Encryption with KMS Managed Keys (SSE-KMS)
  • Server-Side Encryption with Customer Provided Keys (SSE-C)
  • Client-Side Encryption with KMS Managed Keys (CSE-KMS)
  • Client-Side Encryption with Customer Provided Keys (CSE-C)


  • Define and examine encryption when using Amazon DynamoDB
  • Understand the DynamoDB encryption client

Amazon Key Management Service

  • Define how the key encryption process works
  • Explain the differences between the different key types
  • Create and modify key policies
  • Understand how to rotate, delete and reinstate keys
  • Define how to import your own key material


  • Understand what AWS CloudHSM is and does
  • Become familiar with the architecture of CloudHSM and its implementation
  • Access Control of your HSM Cluster
  • How to use CloudHSM as a custom key store in KMS, the Key Management Service
  • Monitoring and Logging

Intended Audience

This learning path is designed for those who are looking to attend the LAB008 Using data encryption on AWS re:Invent session.



Training Content

Course - Beginner - 2m
re:Invent LAB008 Introduction
This course introduces the learning path designed to help you get the most from the re:Invent session LAB008: Using data encryption on AWS.
Course - Advanced - 12m
Understanding S3 Encryption Mechanisms to Secure your Data
In this course, you'll learn about the S3 encryption and decryption process for S3 Managed Keys, KMS Managed Keys, and Customer Provided Keys.
Hands-on Lab - Beginner - 45m
Encrypting S3 Objects Using SSE-KMS
This lab explores how to encrypt S3 objects in AWS using SSE-KMS.
Course - Beginner - 8m
Amazon DynamoDB Encryption Options
Understand the different encryption mechanisms that can be utilized when using Amazon DynamoDB.
Course - Intermediate - 1h 10m
How to Use KMS Key Encryption to Protect Your Data
In this course, you will learn the basics of KMS, what it will cost to implement, how to encrypt data, and more...
Course - Intermediate - 33m
Manage Your Own Encryption Keys Using AWS CloudHSM
This course gets you started with AWS CloudHSM by giving you an overview of the basics of the service, what it is, and its use cases.
Resource - Not defined - 5m
Attend the live re:Invent session LAB008 - Tuesday, November 30
Please attend the live re:Invent LAB008: Using data encryption on AWS
Exam - 25m
Final Exam: Using Data Encryption on AWS
About the Author
Learning paths: 128

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for sharing his knowledge of cloud services with the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.