Ultimate Hands-On AWS KMS Course 2026

Name: Ultimate Hands-On AWS KMS Course 2026
Rating: 4.5 (13 reviews)

Master AWS KMS for secure encryption, key management, and real-world serverless projects. Hands-On For Developers!

Created byRishi Tiwari

Last updated 1/2026

English

What you'll learn

Grasp the core concepts of symmetric and asymmetric encryption, and how AWS Key Management Service (KMS) simplifies key generation, storage, and usage.
Learn how to securely encrypt and decrypt data using envelope encryption, both in theory and through hands-on labs in AWS CloudShell.
Gain practical skills in applying IAM policies, key policies, and grants to manage secure access to KMS keys, with real-world demos using S3 and Lambda.
Apply your knowledge in two mini-projects (password manager and JWT-based auth server) showcasing how to integrate KMS with serverless architectures.

Course content

7 sections • 16 lectures • 1h 58m total length

Introduction1:08
Explore AWS KMS concepts and envelope encryption for symmetric keys, then build a serverless password manager with DynamoDB and a JWT authentication KMS server using Lambda, Cognito, and API Gateway.

AWS KMS Access Control: Key Policies vs. IAM Permissions1:55
Understand how KMS access control uses both the key policy and IAM permissions, with examples showing a test user able to generate a data key via either policy.
AWS S3 Encryption with AWS KMS & IAM Roles7:57
AWS Lambda Encryption with KMS: Key Policy Access Control Explained9:17
Manage AWS KMS Access with the Visual Policy Editor: Key Users & Admins2:15
AWS KMS Grant - Demo Access Encrypted Lambda Environment Variables5:59
AWS KMS Key Audit Using CloudTrail4:05
AWS KMS Key Rotation And Deletion2:24

AWS KMS Asymmetric Key Demo - Create JSON Web Token Using RSA Key Pair10:21
Explore asymmetric key cryptography in aws kms by generating an rsa 2048 key to sign and verify a json web token, using the public key for verification.
Create Serverless JWT Auth Server Using AWS Lambda, KMS And DynamoDB19:59
Explore JWT-based authentication using an authorization server to sign tokens with a private key and verify with a public key, plus signup and login lambdas, DynamoDB, and KMS.

Requirements

Basic understanding of AWS services
How To Create Simple CRUD App Using AWS
Familiarity with ReactJs and JavaScript

Description

Secure your AWS applications using Key Management Service (KMS)

This project-based crash course walks you through AWS KMS from the ground up, covering core encryption principles, key management, access control, and real-world hands-on demos.

You'll start by learning what KMS is, how encryption works in AWS, and the different key types based on ownership. Then you'll dive into envelope encryption, why it’s used, and implement it.

In the second part of the course, you’ll master KMS key access control using IAM policies, key policies, and grants.

You’ll also learn how to audit key usage with CloudTrail.

To make everything stick, you’ll build two practical projects:

A Serverless Password Manager
A JWT-based Authentication Server using asymmetric KMS keys (RSA)

By the end of this course, you’ll be able to:

Confidently explain how AWS KMS works
Apply envelope encryption in real-world scenarios
Control KMS access using IAM and key policies
Encrypt and protect secrets in AWS
Monitor and audit key usage using CloudTrail
Build secure serverless apps using KMS-backed encryption and JWTs

Who This Course Is For:

Anyone wanting to build secure, serverless architectures
Developers working with AWS want to understand KMS in depth
Learners prepping for AWS Developer or Security exams

Who this course is for:

AWS Beginners Interested in Web Security and Serverless Development

Ultimate Hands-On AWS KMS Course 2026

What you'll learn

Explore related topics

Course content

Introduction1 lecture • 1min

KMS Fundamentals2 lectures • 8min

Envelope Encryption2 lectures • 11min

Managing Access and Permissions in AWS KMS7 lectures • 34min

Symmetric Key Project - Password Manager1 lecture • 30min

Asymmetric Key Project - Auth Server2 lectures • 30min

Resource Cleanup1 lecture • 4min

Requirements

Description

Who this course is for: