{"id":3181,"date":"2019-09-02T10:52:17","date_gmt":"2019-09-02T10:52:17","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=3181"},"modified":"2020-05-02T05:03:51","modified_gmt":"2020-05-02T05:03:51","slug":"aws-kms","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/","title":{"rendered":"AWS KMS"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Anytime you hear \u201cencryption\u201d for an AWS\nservice, it\u2019s most likely KMS<\/li><li>Easy way to control access to data, AWS manages\nkeys for us<\/li><li>Fully integrated with IAM for authorization<\/li><li>Seamlessly integrated into:<\/li><li>Amazon EBS: encrypt volumes<\/li><li>Amazon S3: Server side encryption of objects<\/li><li>Amazon Redshift: encryption of data<\/li><li>Amazon RDS: encryption of data<\/li><li>Amazon SSM: Parameter store<\/li><li>You can also use the CLI \/ SDK<\/li><li>KMS can be used to decrypt\/encrypt up to 4KB of\ndata.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"366\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-40.png\" alt=\"\" class=\"wp-image-3392\"\/><\/figure>\n\n\n\n<p><strong>Steps to\nimplement Envelope Encryption <\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Create\na new CMK, or re-use an existing CMK. This can be done in the AWS Console, or with the\nCLI using create-key.<\/li><li>Use\ngenerate-data-key to get a data key.<\/li><li>This\nreturns the plain-text data key, and also an encrypted (with the specified CMK)\nversion of the data key. The encrypted version is referred to as a\nCipherTextBlob. Store the returned CipherTextBlob (we will need it later). 
The\nCipherTextBlob has metadata which tells KMS which CMK was used to generate it.<\/li><li>Use\nthe plain-text data key to encrypt any amount of data.<\/li><li>Throw\naway the plain-text data key, but be sure to store the CipherTextBlob alongside\nthe encrypted data.<\/li><li>To\ndecrypt, use the Decrypt API, sending it the CipherTextBlob from step (3).<\/li><li>The\nabove step will return the plain-text data key (the same one we threw away).\nUse this key to decrypt the data.<\/li><li>Throw\naway the plain-text data key.<\/li><li>To\nencrypt more data, repeat steps 6, 7, 8, except use the plain-text key to\nencrypt instead of decrypt.<\/li><\/ol>\n\n\n\n<p><strong>When to Use KMS<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use AWS KMS to create and manage master keys (CMKs). You can establish policies that determine who can use CMKs and how they can use them. You can track their use in transaction and audit logs, such as AWS CloudTrail.<\/li><li>You can use CMKs to encrypt small amounts of data (up to 4096 bytes). However, CMKs are typically used to generate, encrypt, and decrypt the data keys that encrypt data. Unlike CMKs, data keys can encrypt data of any size and format, including streamed data.<\/li><\/ul>\n\n\n\n<p><strong>When not to use\nKMS<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AWS KMS does not store or manage data keys, and you cannot use KMS to encrypt or decrypt with data keys. To use data keys to encrypt and decrypt, use the AWS Encryption SDK.<\/li><li>AWS KMS CMKs are backed by FIPS-validated hardware security modules (HSMs) that KMS manages. To manage your own HSMs, use AWS CloudHSM.<\/li><li>AWS KMS only supports symmetric encryption. 
If you want to use asymmetric encryption, use AWS CloudHSM.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Anytime you hear \u201cencryption\u201d for an AWS service, it\u2019s most likely KMS Easy way to control access to data, AWS manages keys for us Fully integrated with IAM for authorization Seamlessly integrated into: Amazon EBS: encrypt volumes Amazon S3: Server side encryption of objects Amazon Redshift: encryption of data Amazon RDS: encryption of data Amazon&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2471,"menu_order":24,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,552],"class_list":["post-3181","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-aws-kms"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>AWS KMS - Testprep Training Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AWS KMS - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Anytime you hear \u201cencryption\u201d for an AWS service, it\u2019s most likely KMS Easy way to control access to data, AWS manages keys for us Fully integrated with IAM for authorization Seamlessly integrated into: Amazon EBS: encrypt volumes Amazon S3: Server side encryption of objects Amazon Redshift: encryption of data Amazon RDS: encryption of data Amazon...\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-02T05:03:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-40.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/\",\"name\":\"AWS KMS - Testprep Training Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-09-02T10:52:17+00:00\",\"dateModified\":\"2020-05-02T05:03:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Solutions Architect Professional 
(SAP-C02)\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"AWS KMS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"AWS KMS - Testprep Training Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/","og_locale":"en_US","og_type":"article","og_title":"AWS KMS - Testprep Training Tutorials","og_description":"Anytime you hear \u201cencryption\u201d for an AWS service, it\u2019s most likely KMS Easy way to control access to data, AWS manages keys for us Fully integrated with IAM for authorization Seamlessly integrated into: Amazon EBS: encrypt volumes Amazon S3: Server side encryption of objects Amazon Redshift: encryption of data Amazon RDS: encryption of data Amazon...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-02T05:03:51+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-40.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/","name":"AWS KMS - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-09-02T10:52:17+00:00","dateModified":"2020-05-02T05:03:51+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/aws-kms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Solutions Architect Professional (SAP-C02)","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-solutions-architect-professional-sap-c01\/"},{"@type":"ListItem","position":3,"name":"AWS KMS"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=3181"}],"version-history":[{"count":3,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3181\/revisions"}],"predecessor-version":[{"id":3393,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3181\/revisions\/3393"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2471"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=3181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=3181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/
tags?post=3181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}