Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
AWS Certified Solutions Architect ??? Associate Guide

You're reading from  AWS Certified Solutions Architect ??? Associate Guide

Product type Book
Published in Oct 2018
Publisher Packt
ISBN-13 9781789130669
Pages 626 pages
Edition 1st Edition
Languages
Concepts
Authors (2):
Gabriel Ramirez Gabriel Ramirez
Profile icon Gabriel Ramirez
LinkedIn
Gabriel Ramirez is a passionate technologist with a broad experience in the Software Industry, he currently works as an Authorized Trainer for Amazon Web Services and Google Cloud. He is holder of 9/9 AWS Certifications and does community work by organizing the AWS User Groups in Mexico.
See other products by Gabriel Ramirez
Stuart Scott Stuart Scott
Profile icon Stuart Scott
LinkedIn
Stuart Scott is the AWS content lead at Cloud Academy where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor and secure customer data in an AWS environment. He has written numerous cloud security blogs Cloud Academy and other AWS advanced technology partners. He has taken part in a series of cloud security webinars to share his knowledge and experience within the industry to help those looking to implement a secure and trusted environment. In January 2016 Stuart was awarded 'Expert of the Year' from Experts Exchange for his knowledge share within cloud services to the community.
See other products by Stuart Scott
View More author details

Table of Contents (26) Chapters

Preface Introducing Amazon Web Services AWS Global Infrastructure Overview Elasticity and Scalability Concepts Hybrid Cloud Architectures Resilient Patterns Event Driven and Stateless Architectures Integrating Application Services Disaster Recovery Strategies Storage Options Matching Supply and Demand Introducing Amazon Elastic MapReduce Web Scale Applications Understanding Access Control Encryption and Key Management An Overview of Security and Compliance Services AWS Security Best Practices Web Application Security Cost Effective Resources Working with Infrastructure as Code Automation with AWS Introduction to the DevOps practice in AWS Mock Test 1
Mock Test 2
Assessment Another Book You May Enjoy

Encryption and Key Management

A key element of AWS security is the ability to be able to encrypt sensitive and confidential data across different services, helping to ensure it's protected from those who should not have access to the plaintext data. Understanding different encryption methods within these services allows you to maintain the confidentiality of the data.

This chapter will focus on a number of key services and the encryption options that are available to use. As a part of this, the Key Management Service, known as KMS, will also be discussed in detail. This service allows you to control and manage encryption keys which can either be imported from your own KMS system or those that are generated by AWS itself. The KMS service is also integrated with many other AWS services.

In this chapter, we will cover the following topics:

  • An overview of encryption
  • EBS encryption...

Technical requirements

To gain the most from this chapter, you should have a basic understanding of the following services. Since this chapter covers encryption, the following AWS services will be mentioned throughout:

  • Elastic Block Store (EBS)
  • Amazon Simple Storage Service (S3)
  • Relational Database Service (RDS)
  • IAM policies

An overview of encryption

Before we get deeper into the different techniques and methods used by AWS to encrypt your data, an overview and an understanding of the different key cryptography mechanisms is needed.

Any data that has not been encrypted is known as plaintext, which simply means that the data is in a readable format without the need for any mathematical intervention to alter the data before it can be read. When data is in a state of plaintext, anyone who has read access to the data can access it and view the information contained within it. As long as this data is not sensitive or contains confidential information, then this unencrypted data can remain unencrypted. However, if the data IS sensitive, such as containing customer details and information, then there will be a requirement to protect and secure this data as a priority.

Sensitive data must be encrypted, since...

EBS encryption

The Elastic Block Store (EBS) service is AWS's answer to block-level storage and is used as persistent, reliable, and highly available storage that is attached to your EC2 instances. EBS offers built-in encryption options that allow you to easily implement encryption for data stored on these volumes. Due to the importance and criticality of data protection, EBS supports encryption across all EBS volumes types and ensures that there is no negative performance impact relating to your IOPS of the volume. Do be aware, however, that although encryption is possible across all volume types, it is not available across all instance types within those volume types.

For an up-to-date list of available instances, please go to the following link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances.

One key point in understanding...

Amazon S3 encryption

Amazon S3 provides an object-level storage solution, allowing you to save objects up to 5 terabytes in size. Being a storage solution, and one of the most commonly used storage services within AWS, S3 provides a variety of encryption mechanisms to suit different requirements and compliance concerns.

There are five different encryption options available to encrypt your S3 objects, as follows:

  • Server-side encryption with S3 managed keys (SSE-S3)
  • Server-side encryption with KMS managed keys (SSE-KMS)
  • Server-side encryption with customer-managed keys (SSE-C)
  • Client-side encryption with KMS managed keys (CSE-KMS)
  • Client-side encryption with customer-managed keys (CSE-C)

The difference between server-side and client-side encryption is fairly simple. With server-side encryption, the encryption algorithm and process is run from the server-side—in this instance...

RDS encryption

When using Amazon RDS, there may be times when the data held within your database needs to encrypted due to its sensitivity. When RDS encryption is enabled, which uses the AES-256 algorithm, it ensures that all underlying storage that's used is encrypted, along with all associated read-replicas, automated backups, and snapshots, following the enablement without any further configuration needed.

RDS encryption is offered at rest and is easily enabled by using the following database engines:

  • Amazon Aurora
  • MySQL
  • MariaDB
  • PostgreSQL
  • Oracle
  • Microsoft SQL Server

How to enable encryption

As an example, to configure encryption for Amazon Aurora, you can perform the following steps:

  1. Select Amazon RDS from the...

Key Management Service (KMS)

Throughout this chapter, I have mentioned the Key Management Service a number of times, mainly in relation to other services using it such as S3 and RDS, as well as many other AWS services that require encryption to be performed.

We already know that KMS uses symmetric cryptography, and this was evident when we looked at the S3 encryption mechanisms, since we saw that the very same key was used to decrypt the data that was used to encrypt the data. This is essentially symmetric cryptography. In this section, I will dive a little deeper into KMS to allow you to gain more of an understanding about the service itself.

So, what is KMS?

KMS is a central repository for storing encryption keys (customer...

Summary

Encryption is a necessity when storing data within the cloud—there is a level of trust given to AWS any time a customer stores data on their infrastructure. However, should this data be sensitive and confidential, additional measures should be put in place by us as the customer to ensure that the data is protected. This is often a requirement of many compliance regulations and governance controls that organizations are required to meet. AWS is aware of the importance of this factor and so has provided numerous methods and mechanisms of encryption to allow you to do just that.

Many AWS services come with some form of encryption, and in this chapter, we covered some of the most common services which are referenced within the certification. These services interact with the KMS, and so gaining a good understanding of this service and the different services and components...

Further reading

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 26
Next Chapter arrow right
You have been reading a chapter from
AWS Certified Solutions Architect ??? Associate Guide
Published in: Oct 2018 Publisher: Packt ISBN-13: 9781789130669
© 2018 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (2)

Left arrow icon
Profile icon Gabriel Ramirez
LinkedIn
Gabriel Ramirez is a passionate technologist with a broad experience in the Software Industry, he currently works as an Authorized Trainer for Amazon Web Services and Google Cloud. He is holder of 9/9 AWS Certifications and does community work by organizing the AWS User Groups in Mexico.
See other products by Gabriel Ramirez
Profile icon Stuart Scott
LinkedIn
Stuart Scott is the AWS content lead at Cloud Academy where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor and secure customer data in an AWS environment. He has written numerous cloud security blogs Cloud Academy and other AWS advanced technology partners. He has taken part in a series of cloud security webinars to share his knowledge and experience within the industry to help those looking to implement a secure and trusted environment. In January 2016 Stuart was awarded 'Expert of the Year' from Experts Exchange for his knowledge share within cloud services to the community.
Read more
See other products by Stuart Scott
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
AWS Certified Security – Specialty Exam Guide
AWS Certified Security – Specialty Exam Guide
Amazon has come up with Specialty certifications which validates a particular user's expertise that he/she would want to build a career in. This Guide will be a companion to getting skilled with complex and creative security solutions.
Sep 2020 18 hours 36 minutes
AWS Security Cookbook
AWS Security Cookbook
AWS Security Cookbook lists all the practical solutions to the common problems faced by individuals or organizations in securing their instances. Here readers will learn to troubleshoot security concerns and understand additional patterns and services for securing AWS infrastructure.
Feb 2020 14 hours 40 minutes
Practical AWS Networking
Practical AWS Networking
Amazon Web Services has dominated the public cloud market by a huge margin and continues to be the first choice for many organizations. Networking has been an area of focus for all the leading cloud service providers. AWS has a suite of network-related products which help in performing network related task on AWS.
Jan 2018 8 hours 36 minutes
AWS: Security Best Practices on AWS
AWS: Security Best Practices on AWS
With organizations moving their workloads, applications, and infrastructure to the cloud at an unprecedented pace, security of all these resources has been a paradigm shift for all those who are responsible for security; experts, novices, and apprentices alike.
Mar 2018 3 hours 56 minutes
Designing AWS Environments
Designing AWS Environments
AWS is one of the most popular public clouds available in the market today. Small to medium-sized businesses, as well as large business organizations, utilize AWS to set up highly scalable and agile infrastructure to meet faster time to market. This book provides hands-on details with respect to the fundamentals of designing an AWS environment with security and governance.
Sep 2018 5 hours 48 minutes
Mastering AWS Security
Mastering AWS Security
Security is a key ingredient when it comes to workloads deployed in cloud. Security is highest priority for any organization and it is considered job zero at AWS. Our book will dig deep into the achieving end to end automated security for all workloads deployed, running and stored in AWS cloud.
Oct 2017 8 hours 24 minutes
AWS Networking Cookbook
AWS Networking Cookbook
With a lot of enterprises moving towards cloud, the need for advanced cloud networking has significantly increased. This book follows a recipe-based approach starting with basic topics to covering the pain points of cloud networking, and will teach you to perform complex networking tasks.
Aug 2017 12 hours 12 minutes
Amazon Web Services Bootcamp
Amazon Web Services Bootcamp
AWS Bootcamp is designed to teach you how to build and manage AWS resources using different ways. This highly practical guide leverages the reliability, versatility, and flexible design of the AWS Cloud. It enables you to perform tasks such as hosting multi-tier websites, running large-scale applications, data storage and archival, and a lot more with ease.
Mar 2018 11 hours 16 minutes
AWS for System Administrators
AWS for System Administrators
AWS for System Administrators covers a variety of tools, techniques, tips, and tricks for building highly available and fault-tolerant infrastructure. You’ll get to grips with AWS fundamentals and concepts with the help of step-by-step explanations and practical code examples.
Feb 2021 12 hours 56 minutes
AWS Administration - The Definitive Guide
AWS Administration - The Definitive Guide
AWS is at the forefront of Cloud Computing today, providing a plethora of ready to use services that help organizations quickly build, scale and deploy massive workloads on the Cloud. This book is specially designed for users who wish to explore and get started with some of the most commonly used AWS services in a quick and efficient way.
Mar 2018 11 hours 56 minutes
AWS Certified Developer - Associate Guide
AWS Certified Developer - Associate Guide
With rapid adaptation of the cloud platform, the need for cloud certification has also increased. This is your one stop solution and will help you transform yourself from zero to certified. This guide will help you gain technical expertise in the AWS platform and help you start working with various AWS Services.
Jun 2019 27 hours 4 minutes
AWS Tools for PowerShell 6
AWS Tools for PowerShell 6
Amazon Web Services is the leading cloud platform today. Using Windows PowerShell, this book shows you exactly how to automate all aspects of AWS. You can take advantage of the amazing power of the cloud, yet add powerful scripts and mechanisms to perform common tasks faster than ever before. In this book, you will learn to use Amazon Web Services to automate and manage Windows servers. You will also gain a good understanding of automating the AWS infrastructure using simple coding.
Aug 2017 12 hours 24 minutes
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions
Designing and Implementing Microsoft Azure Networking Solutions Exam Ref AZ-700 is an all-encompassing guide to the AZ-700 exam and contains all the information you need to succeed in the world of virtual networking with Azure. With this book, you will be fully prepared for the exam and the world of cloud networking.
Aug 2023 17 hours 28 minutes
Microsoft 365 Security, Compliance, and Identity Administration
Microsoft 365 Security, Compliance, and Identity Administration
The Microsoft 365 Security, Compliance, and Identity Administration is a comprehensive guide that helps you employ Microsoft 365's robust suite of features and empowers you to optimize your administrative tasks.
Aug 2023 21 hours 0 minutes
Zero Trust Overview and Playbook Introduction
Zero Trust Overview and Playbook Introduction
Get started on Zero Trust with this step-by-step playbook and learn everything you need to know for a successful Zero Trust journey with tailored guidance for every role, covering strategy, operations, architecture, implementation, and measuring success. This book will become an indispensable reference for everyone in your organization.
Oct 2023 8 hours 0 minutes
The Self-Taught Cloud Computing Engineer
The Self-Taught Cloud Computing Engineer
This self-study book helps you master multiple clouds, including AWS, Azure, and GCP, and serves as a roadmap to becoming a certified cloud computing expert. The book will guide you to develop a professional cloud career by helping you build a broad cloud knowledge base, developing hands-on cloud computing skills, and getting cloud certified.
Sep 2023 15 hours 44 minutes
Technology Operating Models for Cloud and Edge
Technology Operating Models for Cloud and Edge
This book will help you build and create ownership of a technology operating model, as well as connect your leadership with engineering and operations, keeping your internal and external customers in mind. It provides practical tips on why, where, and how to make the cloud and edge platform paradigm sing for you, your team, and your organization.
Aug 2023 7 hours 36 minutes
Azure Architecture Explained
Azure Architecture Explained
Azure is the preferred platform to build mission-critical and secure apps. This book provides comprehensive coverage of essential Azure products, services, and solutions vital for every solution architect's success. Elevate your knowledge and master the critical components of Azure to excel in your role with Azure Architecture Explained.
Sep 2023 14 hours 52 minutes
Pentesting Active Directory and Windows-based Infrastructure
Pentesting Active Directory and Windows-based Infrastructure
This practical guide helps you explore the pentesting of Microsoft infrastructure in detail, and enhances your offensive skillset by showing you the different ways to perform security assessment. This book will help blue teamers and IT engineers get up to speed with possible security issues they may encounter in their Windows environments.
Nov 2023 12 hours 0 minutes
Practical Ansible
Practical Ansible
In Practical Ansible, you'll work with the latest release of Ansible and learn to solve complex issues quickly with the help of task-oriented scenarios. You'll start by installing and configuring Ansible to automate monotonous and repetitive IT tasks and get to grips with concepts such as playbooks, inventories, plugins, collections, and network modules.
Sep 2023 14 hours 0 minutes
Windows 11 for Enterprise Administrators
Windows 11 for Enterprise Administrators
Microsoft’s launch of Windows 11 is a step toward satisfying the enterprise administrator’s needs for better management and enhanced user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 11 Enterprise.
Oct 2023 9 hours 32 minutes
The Linux DevOps Handbook
The Linux DevOps Handbook
This book is for software and IT professionals seeking knowledge on Linux systems and DevOps practices. This book will provide you with guidance and tools to learn and gain proficiency in managing Linux-based infrastructures and knowledge of DevOps.
Nov 2023 14 hours 16 minutes
Right arrow icon