My friend and I went to have tea on Saturday morning. Since he is the CTO of a small start-up that does pretty much everything, including development, this triggered me to ask him about the technologies he is using at this company. So I started questioning him about which language he…

Server-Side Encryption with S3 managed keys (SSE-S3)

  • Requires minimal configuration
  • Encryption keys are managed by AWS
  • All you need to do is upload your data and S3 will handle all other aspects

Server-Side Encryption with KMS managed keys (SSE-KMS)

  • Allows S3 to use the Key Management Service to generate data…

HSM (Hardware Security Module)

— A physical tamper-resistant hardware appliance that is used to protect and safeguard cryptographic material and encryption keys

— Provides Federal Information Processing Standard (FIPS) 140-2 Level 3

— CloudHSM is a physical device

— NOT a multi-tenant device

CloudHSM — used for secure encryption key management and storage

Key Management Service

  • Stores and generates encryption keys
  • Can be used by AWS to encrypt your data
  • Uses HSMs that are managed by AWS
  • Less management control than CloudHSM
Nadtakan Futhoem — Sr. Software Engineer

Customer Master Keys (CMK)

  • This key can encrypt data up to 4 KB in size
  • It is typically used in relation to your data encryption keys (DEKs)
  • The CMK can generate, encrypt and decrypt this DEK

There are 2 types of CMKs:

AWS managed CMKs

  • These are used by other…

AWS KMS uses Symmetric Cryptography

KMS is a managed service used to store and generate encryption keys that are used by other AWS services and applications

  • S3 may use KMS to offer and perform server-side encryption using SSE-KMS
  • KMS contains the keys to decrypt your private data

Relational Database Service (RDS)

RDS allows you to set up a relational database using PostgreSQL, MySQL, MariaDB, Oracle, MS SQL Server, and Amazon Aurora.

  • During the creation of your RDS database, you may enable encryption at the Configure Advanced Settings screen
  • Keys can be issued by KMS using AES-256
  • It’s not possible to set…

EMR is a managed service composed of a cluster of highly scalable EC2 instances that process and run big data frameworks

  • You can encrypt at rest or in transit or both
  • They exist as a separate entity within EMR
  • By default, the instances within a cluster don’t encrypt data at…

  • Unencrypted data can be read by anyone who has access to it, whether this data is stored at rest or sits between two locations in transit. It is known as plaintext or clear text data.
  • The data is plain to see and can be seen and understood by any recipient…

Simple Queue Service (SQS)

  • Pull service — a message stays in the queue until it gets pulled
  • Standard Queues — ordering is not guaranteed
  • FIFO Queues — messages are received in the right order, but might not be a good fit for high throughput

Simple Notification Service (SNS)

  • Push service — 1:M
  • Pub/Sub service
  • SMS — but does not support…

