Encrypting Data at Rest by Using AWS Encryption Options

In this lab, you review the default data encryption and AWS Key Management Service (AMS KMS) encryption used to encrypt data at rest. You review the default encryption of the objects stored in Amazon Simple Storage Service (Amazon S3). You create an AWS KMS key and use it to encrypt objects stored in Amazon Elastic Block Store (Amazon EBS) volumes. You also observe how AWS CloudTrail provides an audit log of AWS KMS key usage and how disabling the key affects data access. After completing this lab, you should be able to do the following: Review the default encryption provided by Amazon S3. Access the encrypted Amazon S3 object. Create an AWS KMS customer managed key to encrypt and decrypt data at rest. Create and attach an encrypted data volume on an existing EC2 instance. Disable and re-enable an AWS KMS key and observe the effects on data access. Monitor encryption key usage by using CloudTrail event history. Review key rotation.