Took the exam today and passed (don’t have my score yet). BIG thanks to Ryan and team for the great course content. Additional areas/documents/blogs to read and understand:
Use your own Encryption Keys with S3’s Server-Side Encryption
https://aws.amazon.com/blogs/aws/s3-encryption-with-your-keys/
New Amazon S3 Encryption & Security Features
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
How to Encrypt and Decrypt Your Data with the AWS Encryption CLI
Service Control Policies (SCPs)
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html
Rotating Customer Master Keys
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
How can I make sure the bucket owner has access to resources that are copied or moved between Amazon S3 buckets owned by different AWS accounts?
https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-owner-access/
Bucket Permission examples
Know how AWS services (DynamoDB, SSM, RDS, Kinesis, etc) integrate with and use KMS for encryption:
How AWS Systems Manager Parameter Store Uses AWS KMS
https://docs.aws.amazon.com/kms/latest/developerguide/services-parameter-store.html
How to encrypt and sign DynamoDB data in your application
https://aws.amazon.com/blogs/security/how-to-encrypt-and-sign-dynamodb-data-in-your-application/
How Amazon Relational Database Service Uses AWS KMS
https://docs.aws.amazon.com/kms/latest/developerguide/services-rds.html
Encrypt and Decrypt Amazon Kinesis Records Using AWS KMS
https://aws.amazon.com/blogs/big-data/encrypt-and-decrypt-amazon-kinesis-records-using-aws-kms/
look for similar topics by other members and read their tips
Good Luck!
Great resources many thanks
Thanks for the tips and resources. I’ll be taking the exam in a week!
https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
Thanks!
Thanks for this post, Yashar, your recommendations really helped me in passing the exam.