Learn how you can use the AWS Key Management Service to protect data in your applications. This talk shows you how to use the encryption features of AWS Key Management Service within your applications and provides an in-depth walk-through of applying policy control to keys to control access.
24.
1) Request to store data in S3 + key name for encryption
2) S3 requests an encryption key for the requested key name
3) AWS KMS returns an encryption key + an encrypted version of the key
4) S3 encrypts the data with the encryption key, then deletes the key from memory
5) S3 stores the object along with the encrypted key
[Diagram labels: Amazon S3, KMS, Request, Policy]
25.
1) Request to retrieve data
2) S3 retrieves the encrypted data and the encrypted key. S3 sends the encrypted key and the UserID to KMS.
3) AWS KMS decrypts the encryption key and returns the key to S3
4) S3 decrypts the data with the encryption key, then deletes the key from memory
5) S3 returns the data to the user
[Diagram labels: Amazon S3, KMS, Request]
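The store and retrieve flows on slides 24 and 25, modelled locally as an added example (not code from the talk or from AWS). `MockKMS`, `MockS3`, the policy dictionary and the key and user names are hypothetical, and the HMAC-SHA256 keystream is a standard-library stand-in for the AES encryption a real service would use.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream) so the example needs only the
    standard library. Production code uses an AEAD such as AES-GCM instead."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class MockKMS:
    """Hypothetical local model of KMS: master keys never leave this object."""
    def __init__(self, policy):
        self._master = {}        # key name -> master key bytes
        self._policy = policy    # key name -> user IDs allowed to decrypt

    def generate_data_key(self, key_name):
        master = self._master.setdefault(key_name, os.urandom(32))
        data_key, nonce = os.urandom(32), os.urandom(16)
        wrapped = nonce + _xor_stream(master, nonce, data_key)
        return data_key, wrapped  # slide 24 step 3: key + encrypted copy

    def decrypt(self, key_name, wrapped, user_id):
        # Slide 25 step 2 sends the UserID so the key policy can be enforced.
        if user_id not in self._policy.get(key_name, set()):
            raise PermissionError(f"{user_id} may not use key {key_name}")
        return _xor_stream(self._master[key_name], wrapped[:16], wrapped[16:])

class MockS3:
    """Hypothetical object store that never persists a plaintext data key."""
    def __init__(self, kms):
        self.kms, self.objects = kms, {}

    def put(self, name, data, key_name):
        data_key, wrapped = self.kms.generate_data_key(key_name)  # steps 2-3
        nonce = os.urandom(16)
        body = nonce + _xor_stream(data_key, nonce, data)         # step 4
        del data_key                 # drop the reference to the plaintext key
        self.objects[name] = (key_name, wrapped, body)            # step 5

    def get(self, name, user_id):
        key_name, wrapped, body = self.objects[name]              # step 2
        data_key = self.kms.decrypt(key_name, wrapped, user_id)   # step 3
        return _xor_stream(data_key, body[:16], body[16:])        # steps 4-5
```

What is stored is only ciphertext plus the wrapped data key, so reading an object back always depends on KMS agreeing to unwrap that key for the requesting user.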