November 12, Las Vegas, NV
Greg Roth, AWS Identity & Access Management
(SEC406) NEW LAUNCH: Building Secure Applications with AWS Key Management Service | AWS re:Invent 2014
Learn how you can use the AWS Key Management Service to protect data in your applications. This talk shows you how to use the encryption features of AWS Key Management Service within your applications and provides an in-depth walk-through of applying policy control to keys to control access.

Published in: Technology


  1. November 12, Las Vegas, NV. Greg Roth, AWS Identity & Access Management
  2. Diagram labels: Object, Web Server, client, magic, Disks
  3. Diagram labels: Object, Web Server, client, magic, Disks
  4. Diagram labels: Amazon S3, KMS, Request, Policy
     1) Request to store data in S3 + key name for encryption
     2) S3 requests an encryption key for the requested key name
     3) AWS KMS returns an encryption key + an encrypted version of the key
     4) S3 encrypts the data with the encryption key, then deletes the key from memory
     5) S3 stores the object along with the encrypted key
  5. Diagram labels: Amazon S3, KMS, Request
     1) Request to retrieve data
     2) S3 retrieves the encrypted data and the encrypted key. S3 sends the encrypted key and the UserID to KMS.
     3) AWS KMS decrypts the encryption key and returns the key to S3
     4) S3 decrypts the data with the encryption key, then deletes the key from memory
     5) S3 returns the data to the user
  6. http://bit.ly/awsevals
  7. https://www.coursera.org/course/crypto https://www.bouncycastle.org/docs/docs1.5on/index.html
  8. http://bit.ly/awsevals
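
The store and retrieve flows from slides 4 and 5, written out as an added example that is not code from the talk or from AWS. `ToyKMS`, `putObject` and `getObject` are hypothetical local stand-ins for the KMS and S3 roles; the key policy is reduced to a set of allowed user IDs, and AES-256-GCM is an assumed cipher choice.

```javascript
const crypto = require('crypto');

// AES-256-GCM blob layout: nonce (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

function unseal(key, blob) {
  if (blob.length < 28) throw new Error('blob too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if modified
}

// ToyKMS (hypothetical) plays the KMS role: the master key stays inside and
// every call is checked against a key policy, here a set of allowed user IDs.
class ToyKMS {
  #master = crypto.randomBytes(32);
  constructor(allowedUsers) { this.allowed = new Set(allowedUsers); }
  #authorize(user) {
    if (!this.allowed.has(user)) throw new Error('denied by key policy');
  }
  generateDataKey(user) {
    this.#authorize(user);
    const plaintext = crypto.randomBytes(32);
    return { plaintext, wrapped: seal(this.#master, plaintext) };
  }
  decrypt(user, wrapped) {
    this.#authorize(user);
    return unseal(this.#master, wrapped);
  }
}

// Storage side (the S3 role): keeps only ciphertext and the wrapped data key.
function putObject(kms, user, data) {
  const { plaintext, wrapped } = kms.generateDataKey(user);
  const ciphertext = seal(plaintext, data);
  plaintext.fill(0); // best-effort wipe: the data key does not outlive the request
  return { ciphertext, wrappedKey: wrapped };
}

function getObject(kms, user, stored) {
  const key = kms.decrypt(user, stored.wrappedKey);
  try { return unseal(key, stored.ciphertext); } finally { key.fill(0); }
}
```

A caller that is not in the policy gets no data key back, so the stored ciphertext alone is useless to it; modifying the wrapped key fails the GCM tag check before any data is decrypted.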
