- 2.5 hours on-demand video
- 1 article
- 1 downloadable resource
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
- Students will gain a thorough understanding of Key Management Service (KMS) and its workings.
- Prepare for AWS certification exams that demand in-depth knowledge of KMS.
- Students will learn how to protect data at rest using KMS.
- Basic AWS knowledge is required
- Basic knowledge of encryption/decryption
This course provides a complete hands-on introduction to AWS Key Management Service (KMS). We have a fast-paced style of delivery. The lectures and labs/demos are planned and edited to pack the most content into the shortest time. This is a must-take course to pass the AWS Security exam. Taught by an instructor who has successfully passed the AWS Security Specialty Exam.
This course includes labs/demos using the Management Console and the command line interface (CLI).
What the students are saying:
"The pace is good, the presenter speaks very clearly, and the information is presented in a very straightforward way - it is clear they thought a lot about how to present the information in the most clear and concise way."
"Very clear Awesome Pace"
"I really enjoyed the course. I picked up a thing or 2. I think the topic was covered well."
"Great explanation on basic fundamentals"
We will cover topics including:
- Customer Master Key creation with Imported Key Materials
- Generating and using data keys
- Using CMK to import data
- Key Rotation
- Key Access controls
- AWS Managed vs Customer Managed Keys
- Key Lifecycle Management
Why take this course?
1) KMS is integral to encryption of data on AWS.
2) KMS is featured in several AWS Exams and heavily featured in the AWS Security exam.
3) To get a good understanding of KMS so you can identify the best solutions which KMS provides and which fit your needs.
4) You will get all the future updates we have on the course.
5) Get free Course Slides that you can use for study
6) 30-day money-back guarantee. If you aren't satisfied, we will happily refund you.
7) The instructor is 5x AWS Certified including the AWS Security Specialty cert where KMS is heavily featured.
- Anyone learning and using AWS
- Anyone who needs to secure data on AWS using encryption keys they manage
- Those preparing for the AWS Security Specialty Exam and other exams
S3 CLI Reference:
I have added this access control lab in this section because it needs a few commands that we covered in this section.
AWS GRANTS LAB:
- Encrypt a plaintext with userB: aws kms encrypt --plaintext "hello" --key-id alias/myKMSgeneratedKey --profile userB
- Encrypt a plaintext with userD: aws kms encrypt --plaintext "hello" --key-id alias/myKMSgeneratedKey --profile userD
- Go to the CLI documentation and read the create-grant section: https://docs.aws.amazon.com/cli/latest/reference/kms/create-grant.html | Aliases are not supported for this command. There are a few mandatory fields and some optional ones.
- Command to create grant: aws kms create-grant --key-id arn:aws:kms:us-east-1:3700003135:key/2a3434343d9-8296-4ed4-bc5c-398e5c4cc449 --grantee-principal arn:aws:iam::3782223433135:user/userD --name "userD-grant" --operations "Encrypt" --profile userB
- Use the grant token to encrypt with userD. All you need to provide is the keyID and the grant token that was returned by the previous request.
- Try generating a data key with the grant token: aws kms generate-data-key --key-id arn:aws:kms:us-east-1:3784433135:key/2a82fad9-8296-4ed4-bc5c-398e5c4cc449 --grant-tokens Abcdefddsdsd --profile userD
- Use the grant token to generate data keys as userD; userD should be able to generate data keys: aws kms generate-data-key --key-id arn:aws:kms:us-east-1:378423343435:key/2adssdsfad9-8296-4ed4-bc5c-398sdsdc449 --grant-tokens xxxxxxxx --number-of-bytes 256 --profile userD
- List all the grants: aws kms list-grants --key-id arn:aws:kms:us-east-1:378423433135:key/2a82fad9-8296-4ed4-bc5c-398e5c4cc449 --profile userB
- Revoke grant to stop userD from using it: aws kms revoke-grant --key-id arn:aws:kms:us-east-1:378423433135:key/2a82fad9-8296-4ed4-bc5c-398e5c4cc449 --grant-id b2f1a9178327deceac90c9e5525adf7d2a79ce6aa6382a0c32fc148c379f90a3 --profile userB
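The list and revoke steps of the lab, turned into a repeatable check (an added example, not part of the course material): it reads `aws kms list-grants` JSON and flags grants whose operations go beyond what each grantee is meant to have. The sample output, the placeholder account/key/grant IDs, the `EXPECTED` policy and the function names are all constructed for illustration.

```python
import json
import shlex

# Constructed sample of `aws kms list-grants` output, trimmed to the fields used
# here (placeholder account, key and grant IDs, not values from the lab).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_LIST_GRANTS = json.dumps({"Grants": [
    {"KeyId": KEY_ARN, "GrantId": "a" * 64, "Name": "userD-grant",
     "GranteePrincipal": "arn:aws:iam::111122223333:user/userD",
     "Operations": ["Encrypt"]},
    {"KeyId": KEY_ARN, "GrantId": "b" * 64, "Name": "userD-datakey",
     "GranteePrincipal": "arn:aws:iam::111122223333:user/userD",
     "Operations": ["Encrypt", "GenerateDataKey", "CreateGrant"]},
    {"KeyId": KEY_ARN, "GrantId": "c" * 64, "Name": "",
     "GranteePrincipal": "arn:aws:iam::111122223333:user/userX",
     "Operations": ["Decrypt"]},
]})

# Assumed policy for this example: operations each grantee may hold via grants.
EXPECTED = {"arn:aws:iam::111122223333:user/userD": {"Encrypt"}}


def audit_grants(list_grants_json, expected):
    """Return one finding per grant that exceeds the expected operations."""
    findings = []
    for grant in json.loads(list_grants_json).get("Grants", []):
        principal = grant["GranteePrincipal"]
        ops = set(grant.get("Operations", []))
        if principal not in expected:
            reason, extra = "unexpected grantee", ops
        else:
            reason, extra = "operations beyond policy", ops - expected[principal]
        if extra:
            findings.append({"grant_id": grant["GrantId"], "key_id": grant["KeyId"],
                             "principal": principal, "reason": reason,
                             "extra_operations": sorted(extra)})
    return findings


def revoke_command(finding, profile="userB"):
    """Build the lab's revoke-grant command for one finding (built, not executed)."""
    args = ["aws", "kms", "revoke-grant", "--key-id", finding["key_id"],
            "--grant-id", finding["grant_id"], "--profile", profile]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    for f in audit_grants(SAMPLE_LIST_GRANTS, EXPECTED):
        print(f["reason"], f["principal"], f["extra_operations"])
        print("  ", revoke_command(f))
```

In practice the JSON would come from the list-grants command in the lab, saved to a file and passed to `audit_grants` in place of the sample.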