AWS Data Encryption and Secrets Management Services for Cloud and DevOps Engineers
Learning path for the AWS Cloud Practitioner exam
📝Introduction
This post covers the main technologies in the AWS data encryption and secrets management family of services.
📝Data Encryption and Secrets Management Services
Encryption -> It is a way of scrambling data so that only authorized parties can understand the information. In technical terms, it is the process of converting human-readable plaintext to incomprehensible text, also known as ciphertext.
Data in Flight Encryption -> Also referred to as data in transit (DIT) or data in motion, this is the encryption of data that moves over a network. It is especially important when the open internet is used to transport data, which is the case in most public cloud implementations.
Data at Rest Encryption (DARE) -> This is the encryption of data that is stored, for example in databases, and is not moving through a network. With DARE, data at rest, including offline backups, is protected.
AWS Key Management Service (KMS) -> Lets you create, manage, and control cryptographic keys across your applications and AWS services.
Centrally manage keys and define policies across integrated services and applications from a single point
Encrypt data within your applications with the AWS Encryption SDK data encryption library
Perform signing operations using asymmetric key pairs to validate digital signatures
Securely generate hash-based message authentication codes (HMACs) that ensure message integrity and authenticity
KMS in real-world scenarios:
Protect your data at rest. Activate server-side encryption with AWS KMS using KMS keys that you control and manage.
Sign and verify digital signatures. Protect signing operations with AWS KMS using asymmetric KMS keys.
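The "protect your data at rest" scenario above is usually implemented with envelope encryption: KMS GenerateDataKey returns a fresh data key in plaintext together with the same key wrapped under the KMS key; the application encrypts the payload locally with the plaintext key, discards it, and stores only the wrapped key beside the ciphertext. Decryption sends the wrapped key to KMS Decrypt and unwraps the payload locally. The following is an added example, not code from the original post or from AWS. It assumes a `FakeKmsClient` that stands in for a boto3 KMS client (same method names and response fields, `Plaintext` and `CiphertextBlob`, so the calling code is the same shape as against the real service), a placeholder key alias `alias/example-app-key`, and, so that it runs with the standard library only, an HMAC-SHA256 counter-mode keystream plus HMAC tag (`_seal` / `_open`) as a stand-in for AES-GCM, which the AWS Encryption SDK would use in practice. The HMAC tag is what makes the record tamper-evident, the integrity property listed under KMS above.

```python
"""Envelope encryption with a KMS data key, as an added stdlib-only example."""
import hashlib
import hmac
import secrets

KEY_ID = "alias/example-app-key"  # placeholder KMS key alias (constructed)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib stand-in for AES-CTR."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag (stand-in for AES-GCM)."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key: bytes, blob: bytes) -> bytes:
    """Verify the HMAC tag before decrypting; reject any modified blob."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: blob was modified or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class FakeKmsClient:
    """Offline stand-in for a boto3 KMS client (assumption, not AWS code).

    Method names and response fields mirror boto3's generate_data_key and
    decrypt. The master key stays inside the object: callers only ever see
    data keys, never the KMS key itself.
    """

    def __init__(self):
        self._master = secrets.token_bytes(32)

    def generate_data_key(self, KeyId, KeySpec="AES_256"):
        plaintext = secrets.token_bytes(32)
        return {"KeyId": KeyId, "Plaintext": plaintext,
                "CiphertextBlob": _seal(self._master, plaintext)}

    def decrypt(self, CiphertextBlob, KeyId=None):
        return {"KeyId": KeyId, "Plaintext": _open(self._master, CiphertextBlob)}


def encrypt_envelope(kms, key_id: str, plaintext: bytes) -> dict:
    """Fetch a fresh data key, encrypt locally, store only the wrapped key."""
    resp = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    body = _seal(resp["Plaintext"], plaintext)
    del resp["Plaintext"]  # the plaintext data key is never written anywhere
    return {"key_id": key_id,
            "wrapped_key": resp["CiphertextBlob"].hex(),
            "ciphertext": body.hex()}


def decrypt_envelope(kms, record: dict) -> bytes:
    """Ask KMS to unwrap the data key, then decrypt the payload locally."""
    resp = kms.decrypt(CiphertextBlob=bytes.fromhex(record["wrapped_key"]),
                       KeyId=record["key_id"])
    return _open(resp["Plaintext"], bytes.fromhex(record["ciphertext"]))


def tampered(kms, record: dict) -> bool:
    """True when the stored record fails its integrity check."""
    try:
        decrypt_envelope(kms, record)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    kms = FakeKmsClient()
    rec = encrypt_envelope(kms, KEY_ID, b"customer record 42")
    print(decrypt_envelope(kms, rec))
```

Two points worth noticing when reading the record that `encrypt_envelope` returns: it contains no key material that is usable without a call to KMS, so an attacker who copies the storage gets nothing, and a bit flipped anywhere in the ciphertext or the wrapped key is detected before any plaintext is released. A record encrypted under one KMS key (one `FakeKmsClient` instance here) also cannot be decrypted by another, which is why the key id is stored alongside the data.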
AWS CloudHSM -> A cloud-hosted hardware security module (HSM) service that helps you meet corporate, contractual, and regulatory compliance requirements for data security.
Generate and use your own cryptographic keys
Deploy workloads with high reliability and low latency, and help meet regulatory compliance
Manage HSM capacity and control your costs by adding and removing HSMs from your cluster
Dedicated hardware for security
Pay by the hour, and backup and shut down HSMs when they’re not needed
CloudHSM in real-world scenarios:
Encrypt data at rest. Start generating and using your own encryption keys with ease on AWS.
Offload SSL processing for web servers. Confirm web service identities and establish secure HTTPS connections over the internet using SSL and TLS.
AWS Secrets Manager -> It helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.
Centrally manage the lifecycle of secrets
Securely encrypt and centrally audit secrets such as database credentials and API keys
Manage access to secrets using fine-grained AWS Identity and Access Management (IAM) and resource-based policies
Rotate secrets automatically to meet your security and compliance requirements
Replicate secrets to support disaster recovery scenarios and multi-region applications
Secrets Manager in real-world scenarios:
Audit and monitor secrets usage. Integrate secrets with AWS logging, monitoring, and notification services.
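Automatic rotation only works if the application picks up the new version: it must read the secret from Secrets Manager rather than bake it into configuration, keep it for a bounded time, and refresh it when a credential is rejected. The following is an added example, not code from the original post or from AWS. It assumes a `FakeSecretsManagerClient` standing in for a boto3 Secrets Manager client (the `get_secret_value` / `put_secret_value` calls and the `SecretString`, `VersionId` and `VersionStages` response fields mirror the real API; the version ids it generates are constructed, real ones are UUIDs), a secret name `prod/db` and credentials made up for the test. The cache logs which version was read, not the value, which is the audit trail the scenario above refers to.

```python
"""Retrieving and caching Secrets Manager secrets across rotation (added example)."""
import json
import logging
import time

log = logging.getLogger("secrets-example")


class FakeSecretsManagerClient:
    """Offline stand-in for a boto3 Secrets Manager client (assumption).

    Each put creates a new version that becomes AWSCURRENT, as a rotation
    does; the previous version is what AWSPREVIOUS would return.
    """

    def __init__(self):
        self._versions = {}  # secret id -> [(version id, secret string), ...]

    def put_secret_value(self, SecretId, SecretString):
        history = self._versions.setdefault(SecretId, [])
        version_id = f"v{len(history) + 1}"  # constructed; real ids are UUIDs
        history.append((version_id, SecretString))
        return {"Name": SecretId, "VersionId": version_id,
                "VersionStages": ["AWSCURRENT"]}

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        history = self._versions.get(SecretId, [])
        index = -1 if VersionStage == "AWSCURRENT" else -2
        if len(history) < -index:
            raise LookupError(f"ResourceNotFoundException: {SecretId} {VersionStage}")
        version_id, value = history[index]
        return {"Name": SecretId, "VersionId": version_id,
                "SecretString": value, "VersionStages": [VersionStage]}


def store_db_credentials(client, secret_id, username, password):
    """Secrets Manager keeps DB credentials as a JSON object in SecretString."""
    resp = client.put_secret_value(
        SecretId=secret_id,
        SecretString=json.dumps({"username": username, "password": password}))
    return resp["VersionId"]


class SecretCache:
    """Cache a secret for `ttl` seconds so rotations are picked up without a restart."""

    def __init__(self, client, ttl=300.0, clock=time.monotonic):
        self._client, self._ttl, self._clock = client, ttl, clock
        self._entries = {}

    def get(self, secret_id, force_refresh=False):
        entry = self._entries.get(secret_id)
        now = self._clock()
        if entry and not force_refresh and now - entry["fetched_at"] < self._ttl:
            return entry["value"]
        resp = self._client.get_secret_value(SecretId=secret_id,
                                             VersionStage="AWSCURRENT")
        # Audit trail: record which version was read, never the value itself.
        log.info("read secret %s version %s", secret_id, resp["VersionId"])
        entry = {"value": json.loads(resp["SecretString"]),
                 "version_id": resp["VersionId"], "fetched_at": now}
        self._entries[secret_id] = entry
        return entry["value"]

    def version(self, secret_id):
        entry = self._entries.get(secret_id)
        return entry["version_id"] if entry else None


def connect_with_retry(cache, secret_id, authenticate):
    """Try cached credentials; on rejection refresh once, as the secret may have rotated."""
    if authenticate(cache.get(secret_id)):
        return True
    log.warning("credentials for %s rejected, refreshing from Secrets Manager", secret_id)
    return bool(authenticate(cache.get(secret_id, force_refresh=True)))


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    client = FakeSecretsManagerClient()
    store_db_credentials(client, "prod/db", "app", "initial-password")
    cache = SecretCache(client, ttl=300)
    print(cache.get("prod/db")["username"], cache.version("prod/db"))
```

The `clock` parameter exists so the TTL behaviour can be exercised deterministically; against the real service the default monotonic clock is used. `authenticate` stands for whatever actually uses the credential (a database connect, an API call) and returns whether it was accepted.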
AWS Certificate Manager (ACM) -> It provisions, manages, and deploys public and private SSL/TLS certificates for use with AWS services and your internal connected resources.
Removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates
Use no-cost certificates with ACM integrated services
Use key management for the certificates
ACM in real-world scenarios:
Improve uptime. Maintain SSL/TLS certificates, including certificate renewals, with automated certificate management.
Thank you for reading. I hope you were able to understand and learn something helpful from my blog.
Please follow me on Hashnode and on LinkedIn franciscojblsouza