(SEC406) NEW LAUNCH: Building Secure Applications with AWS Key Management Service | AWS re:Invent...
DESCRIPTION
Learn how you can use the AWS Key Management Service to protect data in your applications. This talk shows you how to use the encryption features of AWS Key Management Service within your applications and provides an in-depth walk-through of applying policy control to keys to control access.
TRANSCRIPT
November 12, Las Vegas, NV
Greg Roth, AWS Identity & Access Management
[Diagram: client, Web Server, Object, "magic", Disks]
1) Request to store data in S3 + key name for encryption
2) S3 requests an encryption key for the requested key name
3) AWS KMS returns an encryption key + an encrypted version of the key
4) S3 encrypts the data with the encryption key, then deletes the key from memory
5) S3 stores the object along with the encrypted key
[Diagram labels: Amazon S3, KMS, Request, Policy]
1) Request to retrieve data
2) S3 retrieves the encrypted data and the encrypted key. S3 sends the encrypted key and the UserID to KMS.
3) AWS KMS decrypts the encryption key and returns the key to S3
4) S3 decrypts the data with the encryption key, then deletes the key from memory
5) S3 returns the data to the user
[Diagram labels: Amazon S3, KMS, Request]
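The store and retrieve flows above, as an added example that is not from the talk or from AWS. ToyKMS, ToyS3 and stream_xor are hypothetical names, the sample data is constructed, and an HMAC-SHA256 keystream stands in for AES so the code runs on the Python standard library alone.

```python
import hashlib, hmac, os

def stream_xor(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream XOR in place of AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class ToyKMS:
    """Hypothetical in-memory key service: master keys never leave it."""
    def __init__(self):
        self._master, self._policy = {}, {}
    def create_key(self, name, allowed_users):
        self._master[name] = os.urandom(32)
        self._policy[name] = set(allowed_users)
    def generate_data_key(self, name):
        # Store step 3: return a data key plus an encrypted version of it.
        data_key, nonce = os.urandom(32), os.urandom(16)
        return data_key, (name, nonce, stream_xor(self._master[name], nonce, data_key))
    def decrypt(self, blob, user_id):
        # Retrieve step 3: the key policy is checked before the key is unwrapped.
        name, nonce, wrapped = blob
        if user_id not in self._policy[name]:
            raise PermissionError(f"{user_id} may not use key {name}")
        return stream_xor(self._master[name], nonce, wrapped)

class ToyS3:
    """Hypothetical object store: it keeps only ciphertext and encrypted keys."""
    def __init__(self, kms):
        self.kms, self.disk = kms, {}
    def put(self, obj, data, key_name):
        data_key, wrapped = self.kms.generate_data_key(key_name)          # steps 2-3
        nonce = os.urandom(16)
        self.disk[obj] = (wrapped, nonce, stream_xor(data_key, nonce, data))  # steps 4-5
        del data_key  # drops the reference; Python cannot guarantee memory is wiped
    def get(self, obj, user_id):
        wrapped, nonce, ciphertext = self.disk[obj]        # step 2
        data_key = self.kms.decrypt(wrapped, user_id)      # step 3
        return stream_xor(data_key, nonce, ciphertext)     # steps 4-5

def demo():
    kms = ToyKMS()
    kms.create_key("app-key", {"alice"})   # constructed key name and user
    s3 = ToyS3(kms)
    s3.put("report", b"constructed sample data", "app-key")
    return s3
```

Calling demo().get("report", "mallory") raises PermissionError, because the stored object is only as readable as the key policy allows.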
http://bit.ly/awsevals
https://www.coursera.org/course/crypto
https://www.bouncycastle.org/docs/docs1.5on/index.html