Introduction

About AWS Key Management Service (KMS)

kms

KMS stands for Key Management Service, this is a service used to create and manage keys. AWS ensures your keys are completely securely managed. That means even AWS engineers cannot know your key.

In KMS you can choose to create Symmetric key (symmetric key) or Asymmetric key (asymmetric key) to make CMK (Customer Master Key). After creating the key, you can set a key policy to control access rights and key usage. You can use it in conjunction with AWS CloudTrail to capture logs.

Symmetric key:

  • A single key: A symmetric key uses only a single key to perform both data encryption and decryption tasks.
  • Easy to share: This key can be securely shared between trusted users who need access to encrypted data.
  • Faster: Encrypting and decrypting data with a symmetric key is usually faster than an asymmetric key.
  • High security requirements: Keeping the symmetric key secure is important because anyone with access to the key can decrypt the data.

Asymmetric key:

  • Key pair: Consists of a pair of keys, a public key and a private key.
  • Public and private: Public keys are distributed to those who need to encrypt data, while private keys - are kept secret.
  • Separate encryption and decryption: The public key is only used to encrypt data, while the private key is used to decrypt.
  • More secure distribution: Public keys can be widely distributed without affecting the security of data, just keep the private key safe.
  • Slower: Encryption and decryption with asymmetric keys are usually slower than with symmetric keys.

Additional reference links AWS Key Management Service

Introducing Amazon S3

s3

Amazon Simple Storage Service (Amazon S3) is an object storage service that provides industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can store and protect data of any size for virtually all use cases, such as data lakes, cloud-based applications, and cloud-based applications. mobile. With cost-effective storage layers and easy-to-use management features, you can optimize costs, organize data, and configure access controls fine-tuned to meet your requirements specific to business, organization and compliance.

S3 is highly scalable because it automatically increases your storage capacity on demand, and you only pay for the storage you use.

Amazon S3 Use Case

  • Building a data lake
  • Backup and restore important data
  • Store data at the lowest cost
  • Run cloud-based applications

Additional reference links Amazon S3

Introducing AWS CloudTrail

cloudtrail

AWS CloudTrail is a service that enables management, operational testing, and risk assessment of your AWS account. With CloudTrail, you can continuously log, monitor, and maintain account activity related to activities occurring on your AWS infrastructure.

Check the history of events/API calls in your AWS account, those events/API calls can be generated by:

  • Console
  • SDKs
  • CLI
  • AWS services

CloudTrail will be Enable by default

For example: You want to check who and when an EC2 instance was deleted…

Events are saved for up to 90 days on CloudTrail

To be able to save longer, log back on an S3 bucket and Athena to query data

Introducing AWS CloudTrail

Introducing Amazon Athena

athena

Amazon Athena is an interactive data query service on Amazon S3. It allows you to perform SQL queries on data stored in files stored in S3 without having to move or copy data to a traditional database. Athena makes it easy to query and analyze big data stored in S3 without needing to deploy or manage a database.

In case of used

  • Execute queries on S3, on-premises or other clouds
  • Prepare data for ML models
  • Build a distributed big data collation tool
  • Perform multi-cloud analytics

Introducing Amazon Athena