This lab provides a basic understanding and hands-on experience of AWS Key Management Service. It demonstrates the basic steps required to get started with Key Management Service: creating keys, assigning management and usage permissions for the keys, encrypting data, and monitoring the access and usage of keys. For the lab to function as written, please DO NOT change the auto-assigned region.
Level
Fundamental
Duration
1 Hour 0 Minutes
Course Objectives
In this course, you will learn how to:
- Create an Encryption Key
- Create an S3 bucket with CloudTrail logging functions
- Encrypt data stored in an S3 bucket using an encryption key
- Monitor encryption key usage using CloudTrail
- Manage encryption keys for users and roles
Intended Audience
This course is intended for:
- Architects
- Developers
- Infrastructure Engineers
- Security Engineers
Prerequisites
We recommend that attendees of this course have the following prerequisites:
- Some familiarity with access control management
- It is strongly recommended that you complete this lab using the Google Chrome web browser. If you cannot use Google Chrome, you will need a utility on your computer that can open gzip-compressed files (*.gz).
Course Outline
- Task 1: Create Your KMS Master Key
- Task 2: Configure CloudTrail to Store Logs In An S3 Bucket
- Task 3: Upload an Image to Your S3 Bucket And Encrypt It
- Task 4: Access The Encrypted Image
- Task 5: Monitor KMS Activity Using CloudTrail Logs
- Task 6: Manage Encryption Keys