Paul Duvall edited this page Jan 29, 2020 · 19 revisions

5.2 Encrypt a DynamoDB database using AWS CloudFormation

Review and ensure that you have set up your development environment before going through the steps below.

Create a KMS Key

View the existing KMS keys at the KMS Console.

mkdir ~/environment/ceoa
cd ~/environment/ceoa
touch ceoa-5-kms.yml

Copy the contents from ceoa-5-kms.yml to your local ceoa-5-kms.yml file in Cloud9 and save it. This CloudFormation template references the IAM user you created in lesson 2 and creates a customer-managed KMS CMK.

Copy the CloudFormation CLI command below to launch the stack that creates a KMS Key.

aws cloudformation create-stack --stack-name ceoa-52-kms --template-body file:///home/ec2-user/environment/ceoa/ceoa-5-kms.yml --capabilities CAPABILITY_NAMED_IAM --disable-rollback

View the CloudFormation stacks at the CloudFormation Console.

Verify the KMS key was created by going to the KMS Console.

Create an S3 Bucket with KMS Encryption

cd ~/environment/ceoa
touch ceoa-5-s3.yml

Copy the contents from ceoa-5-s3.yml to your local ceoa-5-s3.yml file in Cloud9 and save it. This CloudFormation template creates an Amazon S3 bucket and refers to an AWS-managed CMK.

Copy the CloudFormation CLI command below to launch the stack that creates an S3 Bucket with KMS encryption.

aws cloudformation create-stack --stack-name ceoa-5-s3 --template-body file:///home/ec2-user/environment/ceoa/ceoa-5-s3.yml --capabilities CAPABILITY_NAMED_IAM --disable-rollback

View the CloudFormation stacks at the CloudFormation Console.

Verify the S3 Bucket was enabled with KMS encryption by going to the S3 Console.

Create an EBS Volume

mkdir -p ~/environment/ceoa
cd ~/environment/ceoa
touch ceoa-5-ebs.yml

To get a list of AWS Availability Zones, type the following command:

aws ec2 describe-availability-zones

Copy the contents from ceoa-5-ebs.yml to your local ceoa-5-ebs.yml file in Cloud9 and save it. This CloudFormation template creates an encrypted Amazon EBS Volume.

Copy the CloudFormation CLI command below to launch the stack that creates an EBS Volume with default encryption.

aws cloudformation create-stack --stack-name ceoa-5-ebs --template-body file:///home/ec2-user/environment/ceoa/ceoa-5-ebs.yml --capabilities CAPABILITY_NAMED_IAM --disable-rollback

  1. Once the ceoa-5-ebs CloudFormation stack is CREATE_COMPLETE, go to the EC2 Console.
  2. Click on Volumes.
  3. Select the checkbox next to the ceoa-5-2-encrypted EBS volume that the CloudFormation stack launched and verify that the Encryption property in the Description tab shows Encrypted.

Create a DynamoDB Table

mkdir -p ~/environment/ceoa
cd ~/environment/ceoa
touch ceoa-5-ddb.yml

Copy the contents from ceoa-5-ddb.yml to your local ceoa-5-ddb.yml file in Cloud9 and save it. This CloudFormation template creates an encrypted Amazon DynamoDB Table.

Copy the CloudFormation CLI command below to launch the stack that creates a DynamoDB table with default encryption.

aws cloudformation create-stack --stack-name ceoa-5-ddb --template-body file:///home/ec2-user/environment/ceoa/ceoa-5-ddb.yml --capabilities CAPABILITY_NAMED_IAM --disable-rollback

View the CloudFormation stacks at the CloudFormation Console.

Go to the DynamoDB console and verify KMS encryption is enabled for the table.
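The following CloudFormation template is an added example, not the course's ceoa-5-ddb.yml: it declares a DynamoDB table encrypted with the customer-managed CMK from the KMS stack instead of the default AWS-owned key, so key usage is visible in CloudTrail and the key policy stays under your control. The parameter and resource names (KmsKeyArn, EncryptedTable, ceoa-5-ddb-cmk) are assumptions, not names taken from the course files.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Added example (not the course's ceoa-5-ddb.yml): a DynamoDB table whose
  server-side encryption uses a customer-managed KMS key.

Parameters:
  KmsKeyArn:
    Type: String
    Description: >
      ARN of the customer-managed CMK created by the ceoa-52-kms stack
      (assumed parameter name; copy the ARN from the KMS Console).
  TableName:
    Type: String
    Default: ceoa-5-ddb-cmk   # assumed table name

Resources:
  EncryptedTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Ref TableName
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
      # Omit SSESpecification and the table is still encrypted at rest, but
      # with an AWS-owned key you can neither audit nor revoke. SSEEnabled: true
      # without KMSMasterKeyId selects the AWS managed key aws/dynamodb.
      # Naming the CMK gives you the key policy, rotation and CloudTrail usage.
      # The principal creating the stack must be allowed by that key's policy
      # (kms:Encrypt, kms:Decrypt, kms:GenerateDataKey*, kms:CreateGrant, ...).
      SSESpecification:
        SSEEnabled: true
        SSEType: KMS
        KMSMasterKeyId: !Ref KmsKeyArn

Outputs:
  TableArn:
    Value: !GetAtt EncryptedTable.Arn
  EncryptionKeyArn:
    Value: !Ref KmsKeyArn
```

After the stack reaches CREATE_COMPLETE, `aws dynamodb describe-table --table-name ceoa-5-ddb-cmk --query 'Table.SSEDescription'` should report Status ENABLED, SSEType KMS and the KMSMasterKeyArn of your CMK rather than the aws/dynamodb key.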
