You're reading from AWS Security Cookbook Practical solutions for securing AWS cloud infrastructure with essential services and best practices

Product type Paperback

Published in Oct 2024

Publisher Packt

ISBN-13 9781835081891

Length 428 pages

Edition 2nd Edition

Concepts

Cloud Security

Author (1):

Kanikathottu

View More author details

Table of Contents (13) Chapters

Preface

1. Chapter 1: Setting Up AWS Accounts and Organization

2. Chapter 2: Access Management with IAM Policies and Roles FREE CHAPTER

3. Chapter 3: Key Management with KMS and CloudHSM

4. Chapter 4: Securing Data on S3 with Policies and Techniques

5. Chapter 5: Network and EC2 Security with VPCs

6. Chapter 6: Web Security Using Certificates, CDNs, and Firewalls

7. Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config

8. Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer

9. Chapter 9: Advanced Identity and Directory Management

10. Chapter 10: Additional Services and Practices for AWS Security

11. Index

Why subscribe?

12. Other Books You May Enjoy

Creating keys in KMS

In this recipe, we will create a customer-managed KMS key with the key type set to symmetric key. A symmetric key is the most common key that we will create with KMS. It is also worth noting that KMS keys, which are the primary resources within KMS, were once known as customer master keys (CMKs). This renaming helps avoid confusion with the term customer-managed keys, which could also be abbreviated as CMKs.

Getting ready

We’ll need the following to complete this recipe:

A working AWS account (awsseccb-sandbox-1) and a user (awsseccbadmin1), as described in the Technical requirements section.
Two users or roles. These could be IAM users or roles, including those corresponding to IAM Identity Center users. I will be using the awsseccb_admin1 user as the key administrator. Key administrators can administer the key through the KMS API. I will use another user, awsseccb_user1, as the key user. Key users can use the customer-managed key to encrypt...