Amazon Web Services KMS Basics. The only guide you need!
What is this? [overview]
AWS Key Management System:-
Makes it easier for you to create and manage cryptographic keys. [These essentially protect your DATA!]
Secure, resilient and possesses a good reputation. [Compliance tested and graded]
Integrated with AWS CloudTrail and uses IAM for access control.
KMS keys are tied to Regions.
With that in mind, what are the features?
AWS KMS provides you with centralized control over the lifecycle and permissions of your keys. You can create new keys whenever you wish, and you can control who can manage keys versus who can use them.
AWS is not the only compatible key managment service that can be linked up to AWS. You can import keys
KMS stores Customer Master Keys(CMK) which is a logical representation of a key.
CMK never leaves KMS and never leaves a region
How KMS Encrypts Data
We start with the plain text and then use data keys along with an algorithm and come up with encrypted data.
Encrypted data is finally stored in a storage that can be anything(eg: EBS, EFS, S3…)
KMS then took the data key, and Encrypt it with a master key along with an encryption algorithm, resulting in it an encrypted data key, that is stored alongside with data.
AWS Console: Go to AWS Console → Security, Identity, & Compliance → Key Management Service → Create a key
For more information on bespoke tailored cybersecurity training or outsourcing a cyber security operation consultancy plan please email admin@cybercoaching.co.uk
Thank for reading,
Tom Sinclair | CIO | Cyber Coaching