Introduction of AWS KMS

Post on 16-Apr-2017

350 views 1 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of Introduction of AWS KMS

ENCRYPTION WITH AWS KMS

Key Management Service

# whoami

DevOps Engineer | BrazilianEnjoys security and cloud automation

2015 was a big yearau.linkedin.com/in/ricardoxmit

http://au.linkedin.com/in/ricardoxmit

What to expect today?

• Understand options for protecting your data

• Understand how KMS works• Services that KMS is integrated with• S3 and KMS• EBS and KMS• Demo

What’s the main problem?

Options for encryption

1.Do it yourself2.AWS Marketplace -> partner

solutions3.Use AWS KMS4.HSM - Hardware Security

Module

If you don't use a service to manage your keys…

• Keys that live in config files are exposed

- Application vulnerabilities, OS vulnerabilities, staff turnover• It’s hard to track how the keys are being

used• Rotating keys can be painful

AWS Key Management Service (KMS)

• Managed service that simplifies creation, control, rotation, and use of encryption keys in your applications

• Integrated with AWS server-side encryption • S3, EBS, RDS, Amazon Aurora, Amazon

Redshift, WorkMail, Amazon WorkSpaces, CloudTrail, and Amazon Elastic Transcoder

"Keys" considerations with any solution

• Where are the keys stored? • Where are keys used? • Who has access to the keys?• How can you make sure keys are being

used for the correct people/applications?

Type of keys

• Symmetric key -> same key to encrypt and decrypt.

• Asymmetric key -> public / private key concept.

KMS uses Symmetric Encryption -> 256-bit AES for master key

Options to encrypt you data using KMS

1. Client-side encryption - you encrypt your data BEFORE data submitted to service.

2. Server-side encryption - AWS encrypts data on your behalf AFTER data is received by service.

AWS KMS gives you control

You define who can:• create key• use a key• enable/disable keys• audit use of keys using cloudtrail

How do I use KMS?Create Keys in KMS• Give a name and description to the

key• Choose the IAM users and roles

that can administer this key• Choose the IAM users and roles

that can use this key to encrypt and decrypt data

• A new policy will be created

KMS with EBS

KMS with S3

Considerations about KMS

• Keys are regionals. Re-encrypt your data with you move date between regions.

• Direct encryption is limited to 4k of data to optimize latency.

• Use envelope encryption with data keys for larger messages.

DEMO

Top related

MEXICOCITY WWPS Summit Assets... · 2020-03-23 · Flexible options for data encryption using the keys managed by AWS services, AWS keys managed through AWS KMS, or keys managed by
 Documents
DevOps Introduction - AWS Boston Meetup - AWS Presentation
 Software
Page 1 of 16 · aws iam create-policy --policy-name AviController-KMS-Policy --policy-document file://avicontroller-kms-policy.json Note: Following are the optional policies for AWS
 Documents
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
 Technology
AWS Encryption SDK › en_us › encryption-sdk › ...10) the AWS Encryption SDK returns. AWS Key Management Service (AWS KMS) The AWS Encryption SDK can use AWS KMS customer master
 Documents
Consuming The DataLake€¦ · AWS KMS AWS CloudTrail Manage & Secure AWS IAM Amazon CloudWatch AWS Snowball AWS Storage Gateway Amazon Kinesis Data Firehose AWS Direct Connect AWS
 Documents
Transparent tablespace and log encryption on MariaDB 10.1 ... · 2 Agenda 1. Introduction 2. Concepts 3. InnoDB/XtraDB 4. Encryption Plugins 5. Amazon AWS KMS 6. Configuration
 Documents
Sunday, September 22, 2019constructedtruth.com › wp-content › uploads › 2019 › 09 › AWS-Certified... · AWS KMS - Key Management Service 19 ELB - Elastic Load Balancing
 Documents
Aws introduction tocloudstorage
 Technology
AWS Webcast - Introduction to AWS Support Services
 Technology
AWS Key Management Service - docs.aws.amazon.com … · AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys
 Documents
AWS 101: Introduction to AWS
 Technology
Introduction to Monitoring on AWS - imdaysfl.com · Introduction to Monitoring on AWS . . . . .
 Documents
AWS KMS Hardware Security Module FIPS 140-2 Non · PDF fileAWS KMS Hardware Security Module FIPS 140-2 Non-Proprietary Security Policy Author: AWS Key Management Service Subject: AWS
 Documents
AWS NE Meetup - Introduction to AWS IAAS
 Technology
Introduction to DevOps on AWS - AWS Whitepaper€¦ · Introduction to DevOps on AWS AWS Whitepaper Introduction DevOps is a new term that primarily focuses on improved collaboration,
 Documents
Introduction to AWS Security - AWS Whitepaper · 01/07/2015  · Introduction to AWS Security AWS Whitepaper Abstract Introduction to AWS Security Publication date: January 2020 (Document
 Documents
Protecting Your Data in AWS - WordPress.com...Your application or AWS service + Data key Encrypted data key Encrypted data Master keys in customer’s account KMS How AWS services
 Documents
Introduction to AWS
 Technology
KMS Introduction
 Technology

Copyright © 2022 FDOCUMENTS