AWS Key Management Service (KMS) is an offering from Amazon that allows you to create, store, and manage cryptographic keys. AWS KMS integrates with other AWS services and makes it easy to build secure cloud solutions in AWS.

Generating a secure cryptographic key involves supplying random data commonly referred to as key material. Being able to use AWS KMS to create a key that uses your own key material means that you have full control over the key generation process and enables compliance with strict key generation requirements.

In this hands-on lab, you will create a new key in AWS KMS, generate your own key material, and import your key material into AWS KMS.

Learning Objectives

Upon completion of this beginner level lab, you will be able to:

• Create a new key in AWS KMS
• Generate random data suitable for use with AWS KMS
• Import your key material into AWS KMS
• Create and attach an EBS volume encrypted with your AWS KMS key

Intended Audience

• Candidates for AWS certification
• Cloud Architects
• Data Engineers
• DevOps Engineers
• Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• AWS Key Management Service (KMS)
• The Bash shell
• Amazon Elastic Compute Cloud (EC2)
• Elastic Block Store (EBS)

The following courses can be used to fulfill the prerequisite:

• How to Use KMS Key Encryption to Protect Your Data
• Linux Command Line Byte Session
• Compute Fundamentals For AWS
• Storage Fundamentals for AWS

Updates

February 4th, 2022 - Added validation checks