AWS Security Basics - AWS KMS, Client/Server Side Encryption, CMK, Data Key, Real World Use | Demo
- Published: Aug 5, 2024
- In this video, we will learn
- How does encryption and decryption happen
- Client Side Encryption and Server Side Encryption
- Data Keys
- Master Key/Customer Master Key (CMK)
- Envelope Encryption
- AWS Managed Key and Customer Managed Key differences
- How to use CMKs in Real World Project
- Hands on Demo
Awesome overview, thank you!
Ty SpaceeManJones for the kind words, I am so glad you found this video useful. Feel free to check out other videos in my channel when your time permits. Thanks again.
Best video on the subject. This cleared up a lot of confusion. Thank you!
To the point, and real-life applications. Thanks for the videos... Appreciate your efforts.
I don't understand why this channel is not in AWS mainstream learning channel suggestions.
Thank you Raj, video was very helpful.
Great video! I really loved how you eased into KMS
The best video I've found on the subject. THANKS !!!
Excellent Tutorial. Cleared away the mystery surrounding KMS. Also, enjoyed your delivery. Made it fun to watch/listen.
Very kind of you John. Really appreciate the positive feedback!
Nicely done presentation with good energy, thank you. I appreciate the demo, which patiently went into proving how the encryption keys prevent access into encrypted files.
Thanks for the kind words! I am so happy you found this video useful. Stay safe and healthy.
Raj, it is easy to understand KMS, great job!
Dude your energy is awesome! First video I seen from you, looking forward to the rest!!
I appreciate that! Thanks for watching!
Great video ! Very clear and informative !
Thank you so much for the videos, they are really helping and motivating me in my SAA studies. Please keep on smashing it by sending awesome videos!! :)
Thanks Supriya for watching :). I am glad you found it helpful. I am making "How to Architect" video in next couple weeks which you will find helpful for SAA. Thanks again for kind words and support.
Love you man.... you have an awesome personality :)
thanks for the simple, yet crisp explanation!!
Glad it was helpful!
It's perfect :) Short, concise, useful
Glad it was helpful!
Thank You! An Overview well explained, Sir !
Most welcome!
Excellent, it is always good refresh these concepts :)
Nice Explanation...Thank you👍
Nicely explained with demo. keep doing more videos please..
Thanks Sami for the kind words! Check out my channel for other videos when you have a moment. Thanks again!
Quality video. Very useful. Thank you very much.
Glad it was helpful!
Thanks for the review
Simply Excellent!
I just would like to know in one case, if we have a bucket with images and video serving publicly and we do not want that someone should steal it quietly. Thanks
Good on ya mate, very clear and concise explanation, cheers
Much appreciated!
Good one sir, very informative... Thank you .
Ty Rajeev for your kind words! Have a great weekend.
Good explanation
Another awesome video!
Glad you enjoyed it! Thanks for watching!
Nice video Raj... Pls do more .. you explain complicated stuff simply... Thank you
Thanks for the kind words, I will try my best. Thanks for watching
Great Explanation!
Thanks Satya Santosh!
it will be fun
thanks for demystifying KMS for me...
Excellent, thank you
Thanks Mike, glad to hear you found the video useful.
Awesome video. Really helped in clearing the KMS Mystery!!
After watching this excellent video, I got a question in mind. when you applied KMS on a file, the user who was not having access(Bob) to KMS key could not access the file. This could have been done by ACL properties as well, why did we use KMS key? I thought KMS is actually used to encrypt the data and not to control the access. Would appreciate your response.
Appreciate the kind words Gaurav! Regarding ACL and KMS - ACL for VPC can be used for granular access using IP. However for enterprises, often one account/VPC is shared by multiple groups. In those cases, KMS is easier to segregate different apps. Also KMS gets integrated in IAM policy so you can do a lot of funky conditions there (based on prefix, wildcard etc.); ACLs are pretty strict and can't do different conditions like IAM policies. Lastly for ACLs, if the IP address changes you have to redo those, however for KMS you can use an alias and even if the key material rotates, the policy need not change. Apologies for the long answer, hope this helps clarify your doubt.
Great work Sir
Thanks Deepali for the kind words.
Superb explanation
Thank you 🙂
thank you ...love you :)
You are so welcome
Yes, I can access the KMS encrypted object via IAM permission. Then I click the open option and I can view my object.
But here after 300 seconds it will expire???? Why? Please let me know.
nicely explained.
Glad it was helpful!
simple and good.
Glad you liked it, thanks for watching
@Raja - Great effort and witty as always...Please edit comment you can "delete" KMS Managed AWS key at 4:32. Best of luck.
Hello sir,
Your tutorials are very helpful, thank you so much. But I have a little bit of a different scenario.
Scenario:
I have an .mp4 file in an S3 bucket (private).
I'm using Elastic Transcoder to convert that video into different resolutions and at the same time encrypting those files using SSE-KMS and storing them back to S3.
Finally to access Private content I'm using CloudFront with Signed URL.
Problem:
How to decrypt those media files?
If I do not encrypt files while transcoding, the whole scenario mentioned above works properly.
Thank you for giving time to read this.
Hoping to hear from you soon
Hey, it's a nice video. Quick question, if AWS managed keys are used to encrypt files in S3, can I still control the access using IAM policies as I don't see the same option of "key users" in KMS. If that can be controlled in a different way, what is the advantage of using customer managed keys other than having control of key management? Thanks in advance.
Super koo! session
Thanks T.K for the kind words!
Using CMK we can just encrypt data which is less than 4kb in size. In my case I tried to upload a 1 mb file using AWS:KMS onto S3, and was able to do so, how come? Internally, is it using data keys to achieve the same?
very nice
Thanks for watching!
Hi Raj. Nice video. one quick question .. from the example the policy restriction itself is enough to allow / deny read/download of file. If the user is not permitted to read file he is of course is restricted to read contents of it at the first level. Then decrypting is something as next step is obviously not reached. Can you please shed light on point of encryption in this scenario?
How does S3 take care of the data keys? Where are the encrypted data keys for a file encrypted with that key stored? Can I see the data key for a specific file? Do you have any info about that? Thank you a lot!!!!
I'm slightly confused here, I understood the encryption part, but doubt is when one user tried to access file from another account he wasn't able to do, I'm kinda confused because the same access permissions can be specified in bucket policies, can anyone help me out?
Do you have some video for all encryption options in S3, S3 SSE vs S3 SSE-KMS and S3 API settings etc.?
Hi Sir does KMS use a HSM behind the scenes always? if that is so why is there AWS CloudHSM? Thanks
We can achieve s3 file access control using bucket policies and Acl's rite.. 🤔
I like your lipstick 🌸
BAAAAAAACK!
Very nice. But I have some confusion. Where is the encryption and decryption? It was just restricting the rights on that particular file, which can be done by bucket policy as well or by other means. Please clarify this.
Any videos for data in transit?
10:00
I wanna do a project on CLIENT-SIDE CRYPTOGRAPHY BASED SECURITY FOR CLOUD COMPUTING SYSTEM. Using AWS for this is costly. Sir, in which cloud can I implement this one without much expense? Could you please suggest an idea?
Rajdeep, buckets are private by default. How can bob see the bucket ?
Please update the title. There is no demonstration of client side encryption. Please provide a link if you have produced such. Thanks!
Are u working at Amazon office at U.S? Which city?
Yes sir. Used to be in NYC office, now home office of course :)
demo starts at 7:24
Okay, so the keys don't actually encrypt the data, as in they don't ever modify the contents of the file, they just essentially stop people who don't have decrypt permissions for the key from opening the file.
Or are the file contents actually encrypted into gibberish behind the scenes, but then once someone with the key tries to open the file, it decrypts the contents from gibberish into the original file content?
Another Kumar sanu
Only if I had melodic voice like Sanuda, I would bust into songs every video 😉
Sir itny okhy ku ho rhy hain
Dude just fall back to your native accent.. but great coverage of features.