00:00 Hi, this is Sham Shankar from eCast Cloud. In this video, I will explain an AWS service
00:08 called AWS Certificate Manager. So what is AWS Certificate Manager? So this is a service
00:15 which is used to issue certificates. So what exactly is a certificate? So we have something
00:21 called encryption in AWS. So when we want to encrypt a data transfer or we have to encrypt
00:28 a trust. So for that, we need something called an SSL and TLS certificate. So what exactly is
00:36 an SSL and TLS certificate? So when we want to transmit data securely, for example, let's
00:45 say we have a database in RDS and we want to securely transfer data from the RDS database to the application
00:53 which runs on EC2. For that, we have to send data securely so that it is not hacked in between
01:00 the services. For that, we use something called encryption in transit. So this encryption in
01:06 transit will secure data when transmitted between a service or a data center or a location in
01:13 AWS. So for that, we use something called an SSL or TLS certificate, which is a digital certificate
01:20 which is issued by AWS or it can be anything from third-party issuers. For example,
01:26 let's say we are hosting a website for our business. So for that, we need SSL or we need
01:34 an SSL certificate so that we can securely host our website so that the transfer between the browser
01:41 and the website will be secured and it will be encrypted. So to store this SSL or TLS certificate,
01:49 we can use AWS Certificate Manager, which is used to issue certificates. We can create, store
01:55 and renew those SSL or TLS certificates. So this certificate can be a public certificate, can
02:04 be signed by the AWS public certificate authority, or it can be imported. We can import the third-party
02:10 issuer certificate to AWS Certificate Manager so that we can use those SSL certificates to enable
02:19 encryption in transit. So there is something called encryption at rest. So what exactly is
02:24 this? So we are protecting data and encrypting it at rest with the encryption key so that it is
02:31 unreadable without the key. For example, let's say we are storing data in an S3 bucket and we want
02:38 that to be encrypted. So for that, we need to enable encryption at rest so that anybody who's accessing or reading
02:46 the S3 object in the AWS account should have that encryption key for decryption so that he can read
02:55 the key or she can read the protected data and he can follow the remaining actions. So for that
03:04 encryption at rest, we have something called an AWS KMS key. So it can be AWS managed or customer managed.
03:11 So encryption is of two types, encryption in transit and encryption at rest. So when we come back to
03:19 AWS Certificate Manager, it can be integrated with Elastic Load Balancing and it can be integrated with
03:25 CloudFront, which is a content delivery network service, or it can be integrated with CloudFormation,
03:31 which is an infrastructure as code service which will provide a template of the application we are doing.
03:39 So this SSL or TLS certificate can be managed using AWS Certificate Manager and there are two types of
03:49 encryption, encryption in transit and encryption at rest. So with the help of this service, we can manage
03:55 these certificates. Thank you.