From the course: Amazon Web Services: Data Security
Unlock the full course today
Join today to access over 22,400 courses taught by industry experts or purchase this course individually.
Understand KMS policies and key caching - Amazon Web Services (AWS) Tutorial
From the course: Amazon Web Services: Data Security
Understand KMS policies and key caching
- [Instructor] Let's drill in a little bit to understand IAM and KMS policies. So IAM policies, of course, we know are attached to IAM users, groups, and roles. When we're working with Amazon Key Management Service, there are additional policies that are associated to these keys. They're called key policies. And they're attached to the customer master key, or CMKs. So you're going to use IAM policies in combination with a CMK policy, and you're going to do this by setting the CMK policy to include a policy statement that enables IAM policies. And I've given an example snippet of the JSON below here. So you can see that we have the sid, which is just text for us to understand what's going on, and the effect is allow. And we're setting this on the principal, so in this case the example is the root account, and the action is the really key line, KMS colon star, which means that the root can perform any activity on any object that's generated by KMS. The resource star means any object…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
What is a customer master key (CMK)?4m 8s
-
Design encryption with KMS3m 35s
-
Use KMS2m 34s
-
Understand KMS policies and key caching4m 36s
-
Understand CloudHSM5m 18s
-
Identify sensitive data using AWS Macie8m 48s
-
Design encryption with S3 for files5m 21s
-
Design encryption for RDS data2m 50s
-
Design encryption for EC2 EBS volumes2m 36s
-
Design encryption for IoT devices6m 35s
-
Encryption with Certificate Manager6m
-
-
-
-