learning path

re:Invent: LAB008 - Using data encryption on AWS

Intermediate
3h 21m
46
5/5
Enhance your skill setDevelop essential skills for thriving in real-world scenarios.
Stay focused, stay committedBoost your learning journey by enrolling: stay focused, consistent and achieve your goals with ease.
Earn a certificate of completionShow your skills and build your credibility when you include them in your resume and LinkedIn profile.

This learning path has been curated to allow you to gain the knowledge and understanding required to get the most from the following re:Invent session, enabling you to understand the insights and discussions during the talk at a greater level, and prepare you to ask some great questions for the speaker(s)! 

LAB008: Using data encryption on AWS - AWS offers numerous services that help protect data at rest and in transit. In this lab, explore a real-world situation and gain practical experience with multiple services. Learn about server-side encryption for Amazon S3, AWS KMS, the Amazon DynamoDB Encryption Client, and AWS CloudHSM. Optionally, use the AWS Encryption SDK to encrypt and decrypt data programmatically.

As you progress through this learning path you will be introduced to a number of different encryption services and features, including Amazon S3 encryption options, Amazon Key Management Service (KMS), Amazon DynamoDB encryption options, and AWS CloudHSM.

Learning Objectives:

Understand the following Amazon S3 encryption options

  • Server-Side Encryption with S3 Managed Keys (SSE-S3)
  • Server-Side Encryption with KMS Managed Keys (SSE-KMS)
  • Server-Side Encryption with Customer Provided Keys (SSE-C)
  • Client-Side Encryption with KMS Managed Keys (CSE-KMS)
  • Client-Side Encryption with Customer Provided Keys (CSE-C)

DynamoDB

  • Define and examine encryption when using Amazon DynamoDB
  • Understand the DynamoDB encryption client

Amazon Key Management Service

  • Define how the Key encryption process works
  • Explain the differences between the different key types 
  • Create and modify Key policies
  • Understand how to rotate, delete and reinstate keys
  • Define how to import your own Key material

AWS CloudHSM

  • Understand what AWS CloudHSM is and does
  • Become familiar with the architecture of CloudHSM and its implementation
  • Access Control of your HSM Cluster
  • How to use CloudHSM as a custom key store in KMS, the Key Management Service
  • Monitoring and Logging


Intended Audience

This learning path is designed for those who are looking to attend the LAB008 Using data encryption on AWS re:Invent session


Your certificate for this learning path
About the Author
Avatar
Stuart Scott
AWS Content Director
Students
238,132
Labs
1
Courses
246
Learning paths
208

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 250+ courses relating to cloud computing reaching over 1 million+ students.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.

Covered Topics