hands-on lab

Configuring Access to AWS KMS Keys

Difficulty: Beginner
Duration: Up to 1 hour
Students: 436
Rating: 3.9/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

AWS Key Management Service (KMS) is a service that allows you to create and manage cryptographic keys in the public AWS cloud. Using these keys you can secure your data by encrypting it when it's stored and decrypting it on demand.

Learning how to securely manage access to AWS KMS keys is an important part of building secure well-architected systems using AWS. By learning about the options available, you will be more confident about the security posture of your data.

In this hands-on lab, you will see how to use key policies and grants to control access to a KMS key.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Enable a KMS key
  • Encrypt data using a Python AWS Lambda function
  • Create a grant for a KMS key using the AWS CLI

Intended audiences

  • Candidates for the AWS Certified DevOps Engineer Professional certification
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • AWS Key Management Service (KMS)
  • AWS Lambda
  • AWS Identity and Access Management (IAM)
  • The Python scripting language

The following content can be used to fulfill the prerequisites:

Updates

December 27th, 2024 - Updated lab step to reflect the latest AWS Lambda console UI.

Environment before

Environment after

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Using the AWS Key Management service
Examining the AWS Lambda function
Allowing access with an AWS KMS key policy
Granting access to use a KMS key
Granting the CreateGrant permission