AWS Key Management Service (KMS) is a service that allows you to create and manage cryptographic keys in the public AWS cloud. Using these keys you can secure your data by encrypting it when it's stored and decrypting it on demand.

Learning how to securely manage access to AWS KMS keys is an important part of building secure well-architected systems using AWS. By learning about the options available, you will be more confident about the security posture of your data.

In this hands-on lab, you will see how to use key policies and grants to control access to a KMS key.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

• Enable a KMS key
• Encrypt data using a Python AWS Lambda function
• Create a grant for a KMS key using the AWS CLI

Intended audiences

• Candidates for the AWS Certified DevOps Engineer Professional certification
• Cloud Architects
• Data Engineers
• DevOps Engineers
• Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• AWS Key Management Service (KMS)
• AWS Lambda
• AWS Identity and Access Management (IAM)
• The Python scripting language

The following content can be used to fulfill the prerequisites:

• How to Use KMS Key Encryption to Protect Your Data
• Understanding AWS Lambda to Run and Scale Your Code
• Using IAM Policies to Define and Manage Permissions
• Python for Beginners