In this challenge lab, you will protect data in transit and at rest by using encryption. First, you will create an Amazon Key Management Service (KMS) key to manage the security of data at rest. Next, you will modify the key policy to allow the Amazon CloudTrail service to interact with KMS, and then you will create a CloudTrail trail that logs server-side encryption by using KMS. Finally, you will encrypt the data in an S3 bucket by using a KMS key.

Note: Once you begin the challenge lab, you will not be able to pause, save, or exit and then return to your challenge lab. Please ensure that you have set aside enough time to complete the challenge lab before you start.