AWS Security Basics - AWS KMS, Client/Server Side Encryption, CMK, Data Key, Real World Use

AWS Security Basics - AWS KMS, Client/Server Side Encryption, CMK, Data Key, Real World Use | Demo

Рет қаралды 48,287

Cloud With Raj

Күн бұрын

Пікірлер: 95

@SpaceeManJones 5 жыл бұрын

Awesome overview, thank you!

@cloudwithraj 5 жыл бұрын

Ty SpaceeManJones for the kind words, I am so glad you found this video useful. Feel free to check out other videos in my channel when your time permits. Thanks again.

@nastusalmander Ай бұрын

This video very engaging and informative. Thank you!

@cloudwithraj Ай бұрын

Glad you enjoyed it!

@Awachit1 4 жыл бұрын

I don't understand why this channel is not in AWS mainstream learning channel suggestions. Thank you Raj, video was very helpful.

@NithyashreeCM 6 ай бұрын

Nice Explanation...Thank you👍

@kalyanchatterjee8003 4 жыл бұрын

Best video on the subject. This cleared up a lot of confusion. Thank you!

@spyl42 5 жыл бұрын

Excellent Tutorial. Cleared away the mystery surrounding KMS. Also, enjoyed your delivery. Made it fun to watch/listen.

@cloudwithraj 5 жыл бұрын

Very kind of you John. Really appreciate the positive feedback!

@himanshugta1724 11 ай бұрын

thanks for the simple, yet crisp explanation!!

@cloudwithraj 11 ай бұрын

Glad it was helpful!

@glennadams7047 3 жыл бұрын

The best video I've found on the subject. THANKS !!!

@aireddy 2 жыл бұрын

Raj , It is easy to understand KMS , great job!

@Amsterdam125 4 жыл бұрын

Nicely done presentation with good energy, thank you. I appreciate the demo, which patiently went into proving how the encryption keys prevent access into encrypted files.

@cloudwithraj 4 жыл бұрын

Thanks for the kind words! I am so happy you found this video useful. Stay safe and healthy.

@sujeetkumar. 3 жыл бұрын

Superb explanation

@cloudwithraj 3 жыл бұрын

Thank you 🙂

@saltdomeguy 3 жыл бұрын

Good explanation

@shashikantdivekar7839 3 жыл бұрын

Quality video. Very useful. Thank you very much.

@cloudwithraj 3 жыл бұрын

Glad it was helpful!

@danchisholm1 5 ай бұрын

thanks raj 🎉❤

@sseerangan 4 жыл бұрын

Nicely explained with demo. keep doing more videos please..

@cloudwithraj 4 жыл бұрын

Thanks Sami for the kind words! Check out my channel for other videos when you have a moment. Thanks again!

@RamKumar-tk2cb 3 жыл бұрын

Love you man.... you have an awesome personality :)

@TheKaushal8686 4 жыл бұрын

To the point , and real-life applications. Thanks for the videos...Appreciate your efforts.

@jazzburnett9877 4 жыл бұрын

Thank You! An Overview well explained, Sir !

@cloudwithraj 4 жыл бұрын

Most welcome!

@tahasaleh4697 4 жыл бұрын

Great video! I really loved how you eased into KMS

@nathanhan2089 Жыл бұрын

thanks for demystifying KMS for me...

@christianibiri 2 жыл бұрын

Excellent, it is always good refresh these concepts :)

@Abbyjuh 3 жыл бұрын

Any videos for data in transit?

@hippo50410 4 жыл бұрын

It's perfect :) Short, concise, useful

@cloudwithraj 4 жыл бұрын

Glad it was helpful!

@viveksharma5884 3 жыл бұрын

@Raja - Great effort and witty as always...Please edit comment you can "delete" KMS Managed AWS key at 4:32. Best of luck.

@youtubeDaddy525 4 жыл бұрын

Great video ! Very clear and informative !

@lakshravi364 4 жыл бұрын

simple and good.

@cloudwithraj 4 жыл бұрын

Glad you liked it, thanks for watching

@benedictsimpson6953 4 жыл бұрын

very nice

@cloudwithraj 4 жыл бұрын

Thanks for watching!

@gauravjand 5 жыл бұрын

Awesome video. Really helped in clearing the KMS Mystery!! After watching this excellent video, I got a question in mind. when you applied KMS on a file, the user who was not having access(Bob) to KMS key could not access the file. This could have been done by ACL properties as well, why did we use KMS key? I thought KMS is actually used to encrypt the data and not to control the access. Would appreciate your response.

@cloudwithraj 5 жыл бұрын

Appreciate the kind words Gaurav! Regarding SCL and KMS - ACL for VPC can be used for granular access using IP. However for enterprises, often one account/VPC is shared by multiple groups. In those cases, KMS is easier to segregate different apps. Also KMS gets integrated in IAM policy so you can do lot of funky conditions there (based on prefix, wildcard etc.), ACLs are pretty strict and can't do different conditions like IAM policies. Lastly for ACLs, if IP address changes you have to redo those, however for KMS you can use alias and even if the key material rotates, the policy need not change. Apologies for the long answer, hope this helps clarify your doubt.

@mikkid8271 3 жыл бұрын

how does s3 take care about the data keys? where are the encrypted data keys for an encrypted file with that key stored? can i see the data key for a specific file see? do you have any infos about that? thank you a lot!!!!

@deepalisingh5660 4 жыл бұрын

Great work Sir

@cloudwithraj 4 жыл бұрын

Thanks Deepali for the kind words.

@satya4866 4 жыл бұрын

Nice video Raj... Pls do more .. you explain complicated stuff simply... Thank you

@cloudwithraj 4 жыл бұрын

Thanks for the kind words, I will try my best. Thanks for watching

@MrDoublethumb 4 жыл бұрын

Super koo! session

@cloudwithraj 4 жыл бұрын

Thanks T.K for the kind words!

@regon1982ss 4 жыл бұрын

Thank you so much for the videos, they are really helping and motivating me in my SAA studies. Please keep on smashing it by sending awesome videos!! :)

@cloudwithraj 4 жыл бұрын

Thanks Supriya for watching :). I am glad you found it helpful. I am making "How to Architect" video in next couple weeks which you will find helpful for SAA. Thanks again for kind words and support.

@James-mv9qx 4 жыл бұрын

Good on ya mate, very clear and concise explanation, cheers

@cloudwithraj 4 жыл бұрын

Much appreciated!

@bwhelan237 3 жыл бұрын

Thanks for the review

@satyasantosh3143 4 жыл бұрын

Great Explanation!

@cloudwithraj 4 жыл бұрын

Thanks Satya Santosh!

@hebronspiritualmessages9382 3 жыл бұрын

We can achieve s3 file access control using bucket policies and Acl's rite.. 🤔

@kareemsharawi4778 4 жыл бұрын

Another awesome video!

@cloudwithraj 4 жыл бұрын

Glad you enjoyed it! Thanks for watching!

@rakeshms 4 жыл бұрын

nicely explained.

@cloudwithraj 4 жыл бұрын

Glad it was helpful!

@1970mcgraw 4 жыл бұрын

Excellent, thank you

@cloudwithraj 4 жыл бұрын

Thanks Mike, glad to hear you found the video useful.

@theycallmeken 4 жыл бұрын

Dude your energy is awesome! First video I seen from you, looking forward to the rest!!

@cloudwithraj 4 жыл бұрын

I appreciate that! Thanks for watching!

@saratvenkat2170 3 жыл бұрын

Hey, its a nice video. Quick question, if AWS managed keys are used to encrypt files in S3, can I still control the access using IAM policies as I don't see the same option of "key users" in KMS. If that can be controlled in a different way, what is the advantage of using customer managed keys other than having control of key management? Thanks in advance.

@Brand73 5 жыл бұрын

10:00

@diegoramos27 2 жыл бұрын

Hi Sir does KMS use a HSM behind the scenes always? if that is so why is there AWS CloudHSM? Thanks

@abnagb2514 4 жыл бұрын

it will be fun

@rajeevsinha2632 5 жыл бұрын

Good one sir, very informative... Thank you .

@cloudwithraj 5 жыл бұрын

Ty Rajeev for your kind words! Have a great weekend.

@francisantony12 16 күн бұрын

If the data ( file ) is encrypted by a data key, and the CMK is used to encrypt the data key, where is teh data key stored ? ( Does KMS create a paired [ inaccessible to the customers] data key whenever it kreates a CMK ? )

@preetbenipal1034 4 жыл бұрын

thank you ...love you :)

@cloudwithraj 4 жыл бұрын

You are so welcome

@ravindrabhatt 4 жыл бұрын

Do you have some video for all encryption options in S3, S3 SSE vs S3 SSE-KMS and S3 API settings etc

@aiyubkhan8523 4 жыл бұрын

yes , I can access the kms encrypted object via iam permission . then i click open option I can view my object . but here after 300 second it will be expire ???? why. please let me know

@theinnoverse 2 жыл бұрын

I'm slightly confused here, I understood the encryption part, but doubt is when one user tried to access file from another account he wasn't able to do, I'm kinda confused because the same access permissions can be specified in bucket policies, can anyone help me out?

@viveksharma5884 4 жыл бұрын

Rajdeep, buckets are private by default. How can bob see the bucket ?

@aadinathrakshe2852 4 жыл бұрын

Simply Excellent! I just would like to know in one case, if we have a bucket with images and video serving publicly and we do not want that someone should steal it quietly. Thanks

@owenouzheng9537 4 жыл бұрын

Are u working at Amazon office at U.S? Which city?

@cloudwithraj 4 жыл бұрын

Yes sir. Used to be in NYC office, now home office of course :)

@ankeshgaikwad7936 4 жыл бұрын

Hello sir, Your tutorials are very helpful thank you so much. But i have a little bit of a different scenario. Scenario: I have an .mp4 file in S3 bucket(private) I'm using Elastic Transcoder to convert that video in different resolutions and same time encrypting those files using SSE-KMS and storing back to S3 Finally to access Private content I'm using CloudFront with Signed URL. Problem: How to decrypt those media files? If i do not encrypt files while transcoding, the whole scenario above mentioned is working properly. Thank you for giving time to read this. Hoping to hear from you soon

@pratikmbm1990 4 жыл бұрын

Using CMK we can just encrypt data which is less than 4kb in size, in my case I have tried to upload 1 mb of file using AWS:KMS onto s3, and able to do so, how come? Internally is it using data-keys to achieve the same?

@saluja1986 3 жыл бұрын

Very Nice. But I have some confusion. Where is encryption and decryption, It was just restricting the rights on that particular file that can be done by bucket policy as well or by other means. Please clarify this.

@bigheartsmolpen 4 жыл бұрын

I like your lipstick 🌸

@kvishnuteja334 3 жыл бұрын

Hi Raj. Nice video. one quick question .. from the example the policy restriction itself is enough to allow / deny read/download of file. If the user is not permitted to read file he is of course is restricted to read contents of it at the first level. Then decrypting is something as next step is obviously not reached. Can you please shed light on point of encryption in this scenario?

@sanaasalam6473 2 жыл бұрын

I wanna do a project on CLIENT-SIDE CRYPTOGRAPHY BASED SECURITY FOR CLOUD COMPUTING SYSTEM. Using AWS for this is costly. Sir ,In which cloud can I implement this one without much expense?.. Could you please suggest me an idea?

@erickray777 4 жыл бұрын

Please update the title. There is no demonstration of client side encryption. Please provide a link if you have produced such. Thanks!

@vara62 3 жыл бұрын

demo starts at 7:24

@mianadnanfakhar.6968 3 жыл бұрын

Sir itny okhy ku ho rhy hain

@SogMosee 4 жыл бұрын

Okay, so the keys dont actually encrypt the data, as in they dont ever modify the contents of the file, they just essentially stop people who dont have decrypt permissions for the key from opening the file. Or are the file contents actually encrypted in gibberish behind the scenes, but then once someone with key tries to open the file, it decrypts the contents from gibberish into the original file content?