AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. KMS uses FIPS 140-2 validated hardware security modules to protect the security of your keys. AWS Key Management Service is integrated with most other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail and S3 to provide you with logs of all key usage to help meet your regulatory and compliance needs. This activity allows the student to get experience with how KMS integrates with services in AWS while encrypting S3 data with a default master key as well as a custom key.
Successfully complete this lab by achieving the following learning objectives:
- Create an Encrypted S3 Bucket
Let’s create an encrypted S3 bucket.
- Encrypt Two Files in S3 with Different Keys
Let’s encrypt two files in S3 with different keys: an AWS managed key and a customer managed key.