Create and Utilize a Customer Managed Key in AWS KMS
In this lab, you’ll practice creating and managing Customer Master Keys (CMKs) with AWS Key Management Service (KMS). When you’re finished with this lab, you’ll have the skills to create and manage CMKs and use them to encrypt data on different AWS services.
Challenge
Log in as Max Tech
Log in as the IAM User Max.Tech.
Challenge
Create a Customer Master Key (CMK)
Create a symmetric CMK that will allow a user to encrypt and decrypt their data.
Challenge
Create an S3 File Encrypted with a CMK
Create an S3 file that only the specified user can encrypt or decrypt using their CMK.
Challenge
Verify the S3 File Is Only Accessible to the CMK’s Assigned Users
Verify that the encrypted file in the S3 bucket can be opened only by administrators and those with CMK permissions. In this case, only the CTO and the CEO (an administrator) should be able to access the encrypted data.
Challenge
Remove the CMK
Disable and schedule deletion of CMKs and demonstrate how any previously encrypted data is no longer available.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- IAM Users and Groups
- S3 Buckets