0
0
AWScloud~10 mins

KMS for key management in AWS - Interactive Code Practice

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Practice - 5 Tasks
Answer the questions below
1fill in blank
easy

Complete the code to create a new KMS key using AWS CLI.

AWS
aws kms create-key --description [1]
Drag options to blanks, or click blank then click option'
A"alias/mykey"
B--key-id
C"My KMS key"
D--region us-east-1
Attempts:
3 left
💡 Hint
Common Mistakes
Using --key-id instead of --description
Not enclosing the description in quotes
Using alias instead of description
2fill in blank
medium

Complete the code to create an alias for an existing KMS key.

AWS
aws kms create-alias --alias-name [1] --target-key-id 1234abcd-12ab-34cd-56ef-1234567890ab
Drag options to blanks, or click blank then click option'
A"key/myKeyAlias"
B"myKeyAlias"
C"alias/1234abcd"
D"alias/myKeyAlias"
Attempts:
3 left
💡 Hint
Common Mistakes
Omitting 'alias/' prefix
Using 'key/' prefix instead
Not quoting the alias name
3fill in blank
hard

Fix the error in the command to enable key rotation for a KMS key.

AWS
aws kms [1]-key-rotation --key-id 1234abcd-12ab-34cd-56ef-1234567890ab
Drag options to blanks, or click blank then click option'
Aenable
Bcreate
Cdisable
Dupdate
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'create-key-rotation' which is invalid
Using 'update-key-rotation' which is invalid
Using 'disable-key-rotation' instead of 'enable-key-rotation'
4fill in blank
hard

Fill both blanks to list all KMS keys in a specific region.

AWS
aws kms [1]-keys --region [2]
Drag options to blanks, or click blank then click option'
Alist
Bus-west-2
Cdescribe
Deu-central-1
Attempts:
3 left
💡 Hint
Common Mistakes
Using 'describe-keys' which is invalid
Omitting the region or using wrong region code
Using 'list' without '-keys'
5fill in blank
hard

Fill all three blanks to create a KMS key with a policy that allows encryption.

AWS
aws kms create-key --policy '{{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": [1], "Action": [2], "Resource": [3]] }}'
Drag options to blanks, or click blank then click option'
A{"AWS": "arn:aws:iam::123456789012:user/Alice"}
B["kms:Encrypt"]
C"*"
D{"AWS": "arn:aws:iam::123456789012:root"}
Attempts:
3 left
💡 Hint
Common Mistakes
Using root ARN instead of specific user
Not using a list for Action
Using a specific resource ARN instead of '*'