This learning path has been curated to give you the knowledge and understanding required to get the most from the following re:Invent session, so that you can follow the insights and discussions during the talk in greater depth and prepare some great questions for the speaker(s)!
LAB008: Using data encryption on AWS - AWS offers numerous services that help protect data at rest and in transit. In this lab, explore a real-world situation and gain practical experience with multiple services. Learn about server-side encryption for Amazon S3, AWS KMS, the Amazon DynamoDB Encryption Client, and AWS CloudHSM. Optionally, use the AWS Encryption SDK to encrypt and decrypt data programmatically.
As you progress through this learning path you will be introduced to a number of different encryption services and features, including Amazon S3 encryption options, Amazon Key Management Service (KMS), Amazon DynamoDB encryption options, and AWS CloudHSM.
Understand the following Amazon S3 encryption options:
- Server-Side Encryption with S3 Managed Keys (SSE-S3)
- Server-Side Encryption with KMS Managed Keys (SSE-KMS)
- Server-Side Encryption with Customer Provided Keys (SSE-C)
- Client-Side Encryption with KMS Managed Keys (CSE-KMS)
- Client-Side Encryption with Customer Provided Keys (CSE-C)
- Define and examine encryption when using Amazon DynamoDB
- Understand the DynamoDB encryption client
Amazon Key Management Service
- Define how the key encryption process works
- Explain the differences between the different key types
- Create and modify key policies
- Understand how to rotate, delete and reinstate keys
- Define how to import your own key material
- Understand what AWS CloudHSM is and does
- Become familiar with the architecture of CloudHSM and its implementation
- Access Control of your HSM Cluster
- How to use CloudHSM as a custom key store in KMS, the Key Management Service
- Monitoring and Logging
This learning path is designed for those who are looking to attend the LAB008 "Using data encryption on AWS" re:Invent session.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.