Scribd
Upload
6 views8 pages

Encrypt Data With AWS KMS

Uploaded by

suresh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
6 views8 pages

Encrypt Data With AWS KMS

Uploaded by

suresh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

NextWork.

org

Encrypt Data
With AWS KMS
Praneeth Bhandwalkar
Praneeth Bhandwalkar
NextWork Student NextWork.org

Introducing Today's Project!


In this project, I will demonstrate data encryption with AWS KMS (Key
Management Service) and protect that database using encryption AWS KMS.

Tools and concepts


Services I used include AWS Key Management Service (KMS), Amazon
DynamoDB, and (IAM). Key concepts I learned include encryption, key
management, and access control. Overall, this project provided hands-on
experience with AWS's security features.

Project reflection
This project took me approximately 80 mins of time.

The AWS KMS project is a significant undertaking aimed at enhancing data


security through effective key management and encryption.
Praneeth Bhandwalkar
NextWork Student NextWork.org

Encryption and KMS


Encryption is converting information or data into a code to prevent
unauthorized access. Companies and developers do this to safeguard sensitive
information Encryption keys are complex codes required to unlock the
encrypted data.

AWS KMS is a secure vault for your encryption keys, used to protect the data in
your AWS resources. Key management systems are important because they
help you manage all your encryption keys.

Encryption keys are broadly categorized as symmetric and asymmetric I set up


a symmetric key because it uses a single encryption key to both lock (encrypt)
and unlock (decrypt) your data and they are faster and efficient for encrypting
large.
Praneeth Bhandwalkar
NextWork Student NextWork.org

Encrypting Data
My encryption key will safeguard data in DynamoDB, which is a fully managed,
serverless NoSQL database service offered by AWS. It supports both key-value
and document data models.

The different encryption options in DynamoDB include Owned by Amazon


DynamoDB, AWS managed key. Their differences are based on the control and
management you have over the encryption keys. I selected Stored in your
account & owned and managed by you.
Praneeth Bhandwalkar
NextWork Student NextWork.org

Data Visibility
Rather than controlling who has access to the key, KMS manages user
permission by only those with the right permissions can use it to do specific
actions like encryption or decryption.

Despite encrypting my DynamoDB table, I could still see the table's items
because as a user have permission to use the encryption key in KMS.
DynamoDB uses transparent data encryption, which means DynamoDB
retrieves the encrypted data to decrypt it.
Praneeth Bhandwalkar
NextWork Student NextWork.org

Denying Access
I configured a new IAM user to access the full DynamoDB. The permission
policies I granted this user are Access full DynamoDB but not to the KMS key.

After accessing the DynamoDB table as the test user, I encountered an error
You don't have permission to kms:Decrypt because the user isnʼt allowed to
decrypt the data. This confirmed how KMS works - a KMS key can be
accessible to many users.
Praneeth Bhandwalkar
NextWork Student NextWork.org

EXTRA Granting Access


To let my test user the encryption key, I granted a role the permission to use a
key. My key's policy was updated to Administrator key access.

Using the test user, I retried to see the key and I observed that I could use the
key which confirmed that due to the key policy as administrator access, I can
use the keys.

Encryption secures data instead of restricting access to it. I could combine


encryption with a more robust security framework and to users to access
permissions and decryption keys can view the actual data.
NextWork.org

Everyone
should be in a
job they love.
Check out nextwork.org for
more projects

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy