KMS Key
Managed Service
SSE-C
KMS > Most AWS services | up to 4 KB of data, else use envelope encryption | must take a snapshot/backup of all services except S3 to encrypt
Parameter Store
Secrets and configuration data management
o Create a parameter, choose String, StringList or (SSM SecureString parameter (with KMS key ID))
o Reference parameters in your commands or code
CMK: customer master key
KMS context aware
· On decryption, the encryption context needs to be an exact, case-sensitive match; it can have a different order and also some other case information.
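The envelope encryption and encryption context notes above, modelled locally as an added example (not part of the original notes, and it makes no AWS API calls). Assumptions: MASTER_KEY stands in for the KMS key, and the function names, the JSON canonical form and the binding of the context to the payload as AES-GCM additional authenticated data are choices of this example.

```javascript
// Local model of envelope encryption with an encryption context (no AWS calls).
const crypto = require('crypto');

// Assumption: stands in for the KMS key, which in reality never leaves KMS.
const MASTER_KEY = crypto.randomBytes(32);

// Order-independent, case-sensitive serialisation of the context key-value pairs.
function canonicalContext(ctx) {
  const pairs = Object.keys(ctx).sort().map((k) => [k, String(ctx[k])]);
  return Buffer.from(JSON.stringify(pairs), 'utf8');
}

// AES-256-GCM with the context bound as additional authenticated data (AAD).
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  // final() throws if the ciphertext, tag or AAD (the context) does not match.
  return Buffer.concat([d.update(box.body), d.final()]);
}

// Bulk data goes under a fresh data key; only the 32-byte data key is
// encrypted under the master key, so the payload size is not limited by it.
function envelopeEncrypt(data, ctx) {
  const dataKey = crypto.randomBytes(32);
  const aad = canonicalContext(ctx);
  const out = { wrappedKey: seal(MASTER_KEY, dataKey, aad), payload: seal(dataKey, data, aad) };
  dataKey.fill(0); // drop the plaintext data key once the payload is sealed
  return out;
}

function envelopeDecrypt(env, ctx) {
  const aad = canonicalContext(ctx);
  const dataKey = open(MASTER_KEY, env.wrappedKey, aad); // fails on a wrong context
  try { return open(dataKey, env.payload, aad); } finally { dataKey.fill(0); }
}
```

Store `wrappedKey` next to `payload`; the context itself is not secret, but the caller has to supply the same pairs again to decrypt.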
CloudHSM
· Is a cloud-based hardware security module (HSM) that allows you to generate and use your own cryptographic keys on the AWS Cloud. Manage and use your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
Private and public keys = asymmetric
o Symmetric - encrypt / decrypt with the same key
o Asymmetric - use a different key for encryption and decryption