{"id":2799,"date":"2019-08-30T06:28:57","date_gmt":"2019-08-30T06:28:57","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2799"},"modified":"2020-05-01T12:32:43","modified_gmt":"2020-05-01T12:32:43","slug":"amazon-web-services-account-security-features","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-associate-table-of-content\/amazon-web-services-account-security-features\/","title":{"rendered":"Amazon Web Services Account Security Features"},"content":{"rendered":"\n<p><strong>Data Encryption<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Encryption at rest is available in EBS, S3,\nGlacier, RDS (Oracle and SQL Server) and Redshift.<\/li><li>Key management through AWS KMS &#8211; you can choose\nwhether to control the keys yourself or let AWS manage them.<\/li><li>Server-side encryption of message queues in SQS.<\/li><li>Dedicated hardware-based cryptographic key\nstorage using AWS CloudHSM, allowing you to satisfy compliance requirements.<\/li><li>APIs to integrate AWS security into any\napplications you create.<\/li><\/ul>\n\n\n\n<p><strong>Server-Side Encryption<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Server-side encryption is encryption of data at rest.<\/li><li>For example, Amazon S3 encrypts your data at the object\nlevel as it writes it to disks in its data centers and decrypts it for you when\nyou access it.<\/li><li>Your request must be authenticated and you\nmust have access permissions.<\/li><\/ul>\n\n\n\n<p>There are three mutually exclusive options, depending on how you choose to\nmanage the encryption keys:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use Server-Side Encryption with Amazon\nS3-Managed Keys (SSE-S3) \u2013 Each object is encrypted with a unique key. As an\nadditional safeguard, Amazon S3 encrypts the key itself with a master key that it\nregularly rotates. 
Amazon S3 server-side encryption uses one of the strongest\nblock ciphers available, 256-bit Advanced Encryption Standard (AES-256), to\nencrypt your data. <\/li><li>Use Server-Side Encryption with AWS KMS-Managed\nKeys (SSE-KMS) \u2013 Similar to SSE-S3, but with some additional benefits along\nwith some additional charges for using this service. There are separate\npermissions for the use of an envelope key (that is, a key that protects your data&#8217;s\nencryption key) that provides added protection against unauthorized access of\nyour objects in Amazon S3. SSE-KMS also provides you with an audit trail of\nwhen your key was used and by whom. Additionally, you have the option to create\nand manage encryption keys yourself, or use a default key that is unique to\nyou, the service you&#8217;re using, and the Region you&#8217;re working in. <\/li><li>Use Server-Side Encryption with\nCustomer-Provided Keys (SSE-C) \u2013 You manage the encryption keys and Amazon S3\nmanages the encryption, as it writes to disks, and decryption, when you access\nyour objects. <\/li><\/ul>\n\n\n\n<p>Client-side encryption is the act of encrypting data before\nsending it to Amazon S3. 
To enable client-side encryption, you have the\nfollowing options:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use an AWS KMS-managed customer master key.<\/li><li>Use a client-side master key.<\/li><\/ul>\n\n\n\n<p>The following AWS SDKs support client-side encryption:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AWS SDK for .NET<\/li><li>AWS SDK for Go<\/li><li>AWS SDK for Java<\/li><li>AWS SDK for PHP<\/li><li>AWS SDK for Ruby<\/li><li>AWS SDK for C++<\/li><\/ul>\n\n\n\n<p><strong>Sample Implementation<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"399\" height=\"400\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-271-399x400.png\" alt=\"\" class=\"wp-image-2809\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-271-399x400.png 399w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-271-300x300.png 300w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-271.png 468w\" sizes=\"auto, (max-width: 399px) 100vw, 399px\" \/><\/figure><\/div>\n\n\n\n<p>In the diagram above:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>The administrator encrypts a secret password by\nusing KMS. The encrypted password is stored in a file.<\/li><li>The administrator puts the file containing the\nencrypted password in an S3 bucket.<\/li><li>At instance boot time, the instance copies the\nencrypted file to an internal disk.<\/li><li>The EC2 instance then decrypts the file using KMS and retrieves the plaintext password. The password is used to configure the Linux encrypted file system with LUKS. All data written to the encrypted file system is encrypted by using an AES-256 encryption algorithm when stored on disk. 
<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Data Encryption Encryption at rest available in EBS, S3, Glacier, RDS (Oracle and SQL Server) and Redshift. Key management through AWS KMS &#8211; you can choose whether to control the keys or let AWS. Server side encryption of message queues in SQS. Dedicated hardware-based cryptographic key storage using AWS CloudHSM, allowing you to satisfy compliance&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":53,"menu_order":33,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,482,481],"class_list":["post-2799","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-security-features","tag-web-services"],"acf":[]}