AWS section 7 KMS

  1. What is KMS?
    A managed key service (Key Management Service) that makes it easy for you to create and control the encryption keys used to encrypt your data.
  2. How does one set up a customer master key?
    • 1. Create an alias and description
    • 2. Choose the key material option (i.e. Amazon-provided, or material you imported or made yourself)
    • 3. Define key administrative permissions
        - IAM users/roles that can administer the key (but not use it through the KMS API)
    • 4. Define key usage permissions
        - IAM users/roles that can use the key to encrypt and decrypt data
  3. What is the customer master key and what does it consist of?
    It consists of:
    • Alias
    • Creation date
    • Description
    • Key state (enabled/disabled)
    • Key material
  4. Can you export the CMK (customer master key)? If you wanted to export keys, what would you use?
    No. But if you want to export keys, use CloudHSM.
  5. What are the AWS CLI commands we need to know for KMS? Really memorise these
    • aws kms encrypt
    • aws kms decrypt
    • aws kms re-encrypt
    • aws kms enable-key-rotation (lets you configure key rotation)
  6. What is envelope encryption?
    It is the process of encrypting your envelope key.

    The envelope key is the one that is used to encrypt our data.
  7. How does envelope encryption work?
    We have our encrypted data key.

    We then use our master key to decrypt the encrypted data key.

    This gives us our plaintext data key, which lets us decrypt the data.
  8. Which of KMS or CloudHSM is multi-tenant, and which is dedicated hardware?
    KMS is multi-tenant and CloudHSM is dedicated hardware.
Author: keesukim
Description: key management service, customer master key stuff