Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from AWS Certified Security – Specialty Exam Guide Build your cloud security knowledge and expertise as an AWS Certified Security Specialist (SCS-C01)

Product type Paperback

Published in Sep 2020

Publisher Packt

ISBN-13 9781789534474

Length 558 pages

Edition 1st Edition

Tools

AWS

Concepts

Cloud Security

Authors (2):

Stuart Scott

Wilberto Palomar

View More author details

Table of Contents (27) Chapters

Preface

1. Section 1: The Exam and Preparation

2. AWS Certified Security - Specialty Exam Coverage FREE CHAPTER

3. Section 2: Security Responsibility and Access Management

4. AWS Shared Responsibility Model

5. Access Management

6. Working with Access Policies

7. Federated and Mobile Access

8. Section 3: Security - a Layered Approach

9. Securing EC2 Instances

10. Configuring Infrastructure Security

11. Implementing Application Security

12. DDoS Protection

13. Incident Response

14. Securing Connections to Your AWS Environment

15. Section 4: Monitoring, Logging, and Auditing

16. Implementing Logging Mechanisms

17. Auditing and Governance

18. Section 5: Best Practices and Automation

19. Automating Security Detection and Remediation

20. Discovering Security Best Practices

21. Section 6: Encryption and Data Security

22. Managing Key Infrastructure

23. Managing Data Security

24. Mock Tests

25. Assessments

26. Other Books You May Enjoy

Leave a review - let other readers know what you think

Server-side encryption with KMS-managed keys (SSE-KMS)

I covered this in the previous chapter, but for completeness, I will reiterate the process in this section, too.

This diagram shows the five-step encryption process when using SSE-KMS:

Let's understand the process:

Firstly, the client identifies the object(s) that are to be uploaded to S3, indicating SSE-KMS as the encryption mechanism, selecting either an AWS-managed or customer-managed CMK.
Amazon S3 will respond by initiating a request to generate Data Encryption Keys (DEKs) from KMS to allow S3 to encrypt the data submitted by the client.
Using the CMK selected in step 1, KMS will then generate two data keys: a plaintext data key and an encrypted version of that same data key.

KMS will send both of these data keys back to S3 to allow S3 to begin the encryption process using the plaintext data key.
At this stage, S3 then encrypts the object data with the plaintext version of the data key and stores the resulting...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Palomar

Wilberto has More than 18 years of combined IT experience in banking, payment gateways, telecommunications, insurance and digital domain. He is currently working as a DevSecOps Lead at Lendi

See other products by Palomar

Stuart Scott

Stuart Scott is the AWS content lead at Cloud Academy where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor and secure customer data in an AWS environment. He has written numerous cloud security blogs Cloud Academy and other AWS advanced technology partners. He has taken part in a series of cloud security webinars to share his knowledge and experience within the industry to help those looking to implement a secure and trusted environment. In January 2016 Stuart was awarded 'Expert of the Year' from Experts Exchange for his knowledge share within cloud services to the community.

See other products by Stuart Scott