# Implementing Encryption in AWS

## Learning Objectives
- Understand the basics of encryption.
- Implement encryption for S3 buckets.
- Use KMS for key management.
- Recognize the importance of encrypting sensitive data.
- Differentiate between server-side and client-side encryption.

## Why This Matters

Encryption protects sensitive data from unauthorized access and helps meet data protection regulations. Safeguarding personal and financial information is crucial to prevent data breaches and maintain trust.

## Encryption Basics

Encryption is the process of converting plaintext data into a coded format to prevent unauthorized access. It is essential for protecting sensitive information.

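```python
# Example of basic symmetric encryption using the `cryptography` package.
# A hash such as SHA-256 is one-way and cannot be decrypted, so it is not encryption.
from cryptography.fernet import Fernet

# Generate a random key; whoever holds it can decrypt, so store it securely
key = Fernet.generate_key()
fernet = Fernet(key)

def encrypt_data(data):
    # Encrypt and authenticate the input string, returning a token
    return fernet.encrypt(data.encode())

def decrypt_data(token):
    # Recover the original plaintext using the same key
    return fernet.decrypt(token).decode()

# Example usage
plaintext = 'Sensitive Information'
encrypted = encrypt_data(plaintext)
print('Encrypted Data:', encrypted.decode())
print('Decrypted Data:', decrypt_data(encrypted))
```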

## Micro-Exercise 1

### Task Description
Define encryption in your own words.

```python
# Micro-Exercise 1 Starter Code
# Write your definition of encryption below:

define_encryption = """
Your definition here.
"""
print('Your Definition of Encryption:', define_encryption)
```

## S3 Encryption Methods

AWS S3 provides multiple encryption options to secure data at rest and in transit. Understanding these methods is crucial for maintaining data integrity and confidentiality.

```python
# Example of creating an S3 bucket and setting default server-side encryption
import boto3

# Create an S3 client in the same region as the bucket
s3 = boto3.client('s3', region_name='us-west-2')

bucket_name = 'my-encrypted-bucket'

# create_bucket has no encryption parameter, so create the bucket first
s3.create_bucket(
    Bucket=bucket_name,
    CreateBucketConfiguration={'LocationConstraint': 'us-west-2'},
    # Unrelated to encryption: enables S3 Object Lock on the new bucket
    ObjectLockEnabledForBucket=True,
)

# Then set the bucket's default encryption (SSE-S3, AES-256)
s3.put_bucket_encryption(
    Bucket=bucket_name,
    ServerSideEncryptionConfiguration={
        'Rules': [
            {
                'ApplyServerSideEncryptionByDefault': {
                    'SSEAlgorithm': 'AES256'
                }
            }
        ]
    },
)
print(f'Bucket {bucket_name} created with server-side encryption enabled.')
```

## Micro-Exercise 2

### Task Description
List at least two encryption methods available in AWS.

```python
# Micro-Exercise 2 Starter Code
# List two encryption methods available in AWS
encryption_methods = [
    'Server-Side Encryption with S3',
    'Client-Side Encryption'
]
print('Encryption Methods Available in AWS:', encryption_methods)
```

## Examples

### Example 1: Server-Side Encryption with S3
This example demonstrates how to enable server-side encryption when creating an S3 bucket.

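```bash
# AWS CLI commands to create an S3 bucket and enable default server-side encryption.
# create-bucket has no encryption option, so the default is set with put-bucket-encryption.
aws s3api create-bucket --bucket my-encrypted-bucket --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2
aws s3api put-bucket-encryption --bucket my-encrypted-bucket --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
```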

### Example 2: Using KMS with S3
This example shows how to use AWS KMS to manage encryption keys for S3 objects.

```bash
# AWS CLI command to upload an object to S3 with KMS encryption
aws s3api put-object --bucket my-encrypted-bucket --key myfile.txt --body myfile.txt --ssekms-key-id arn:aws:kms:us-west-2:123456789012:key/abcd1234-56ef-78gh-90ij-klmnopqrstuv --server-side-encryption aws:kms
```
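
To confirm that a bucket and an uploaded object are encrypted as intended, the check below reads responses shaped like boto3's `get_bucket_encryption` and `head_object` output. It is an added example, not part of the original lesson: the sample responses and the key ARN are constructed placeholders, and `verify_encryption` and `bucket_default_encryption` are hypothetical helper names. It assumes S3 reports the KMS key as a full ARN.

```python
# Added example: verify S3 encryption settings from boto3-shaped responses.
# All sample values are constructed; the key ARN is a placeholder.
EXPECTED_KEY = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"

SAMPLE_BUCKET = {  # shape of s3.get_bucket_encryption(Bucket=...)
    "ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
    ]}
}
SAMPLE_KMS_OBJECT = {  # shape of s3.head_object(Bucket=..., Key=...)
    "ServerSideEncryption": "aws:kms",
    "SSEKMSKeyId": EXPECTED_KEY,
}
SAMPLE_S3_OBJECT = {"ServerSideEncryption": "AES256"}  # SSE-S3, no KMS key


def bucket_default_encryption(resp):
    """Return (algorithm, kms_key_id) of the bucket's default encryption rule."""
    rules = resp.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault")
        if default:
            return default.get("SSEAlgorithm"), default.get("KMSMasterKeyID")
    return None, None


def verify_encryption(bucket_resp, head_resp, expected_kms_key=None):
    """Return a list of findings; an empty list means the settings match."""
    findings = []
    bucket_alg, _ = bucket_default_encryption(bucket_resp)
    obj_alg = head_resp.get("ServerSideEncryption")
    obj_key = head_resp.get("SSEKMSKeyId")
    if bucket_alg is None:
        findings.append("bucket has no default encryption rule")
    if obj_alg is None:
        findings.append("object is not server-side encrypted")
    elif expected_kms_key and obj_alg != "aws:kms":
        findings.append(f"object uses {obj_alg}, expected aws:kms")
    elif expected_kms_key and obj_key != expected_kms_key:
        findings.append("object encrypted under a different KMS key")
    return findings


if __name__ == "__main__":
    # Live use: pass s3.get_bucket_encryption(...) and s3.head_object(...) instead
    for name, head in [("kms", SAMPLE_KMS_OBJECT), ("sse-s3", SAMPLE_S3_OBJECT)]:
        print(name, verify_encryption(SAMPLE_BUCKET, head, EXPECTED_KEY) or "OK")
```

The SSE-S3 sample is flagged because the caller asked for a specific KMS key; without `expected_kms_key`, any server-side algorithm passes.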

## Main Exercise

### Exercise Description
Log in to the AWS Management Console, create a new S3 bucket with server-side encryption enabled, upload a file to the bucket, and verify the encryption settings.

```python
# Main Exercise Starter Code
# This is a placeholder for the exercise implementation.
# Follow the instructions in the exercise description to complete it.
```

## Common Mistakes

- Not encrypting sensitive data, which can lead to data breaches and compliance issues.

## Recap

In this lesson, we covered the importance of encryption, the different methods available in AWS, and how to implement encryption for S3 buckets. Next, we will explore more advanced topics in AWS security and compliance.