Merge pull request #4 from getcft/release-1.0

nethacker · web-flow · commit d316607fae46 · 2019-06-03T17:19:22.000-07:00
Updated Readme
diff --git a/README.md b/README.md
@@ -3,39 +3,54 @@
 
 ## Description:
 
-This solution creates an [AWS DynamoDB](https://aws.amazon.com/dynamodb/) encrypted table with a primary key and sort key.
+This <a href="https://aws.amazon.com/cloudformation/" target="_blank">AWS CloudFormation</a> solution creates an AES-256 encrypted <a href="https://aws.amazon.com/dynamodb/" target="_blank"> AWS DynamoDB</a> table. The encryption key is managed via <a href="https://aws.amazon.com/kms" target="_blank"> AWS KMS</a>. Once your data is encrypted, Amazon DynamoDB handles authentication of access and decryption of your data transparently with a minimal impact on performance. You don't need to modify your database client applications to use encryption at rest.
 
-The AWS CloudFormation template creates a AWS DynamoDB encrypted example table that reflects a scenario where you have clients and invoices associated to those clients. The primary keys would be email address and the sort key would be invoices
+<img src="encrypted-aws-dynamodb.png" alt="Encrypted DynamoDB" />
 
-Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multi-region, multi-master database with built-in security, backup and restore, and in-memory caching for internet-scale applications.
+AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.
 
-_***note AWS DynamoDB will incur costs**_
+Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multiregion, multimaster database with built-in security, backup and restore, and in-memory caching for internet-scale applications. DynamoDB can handle more than 10 trillion requests per day and can support peaks of more than 20 million requests per second.
 
-* [DynamoDB pricing](https://aws.amazon.com/dynamodb/pricing/) resource used in example: 1 Provisioned Write and 1 Provisioned Read Capacity Unit
+AWS Key Management Service (KMS) makes it easy for you to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses FIPS 140-2 validated hardware security modules to protect your keys.
 
-## Prerequisites:
+## AWS Resource Costs
 
-* AWS account and environment configured with AWS Credentials
-* IAM user with AWSCloudFormationReadOnlyAccess, AmazonDynamoDBFullAccess
+As with most AWS services you will incur costs for usage. For this CloudFormation template the resources that incur costs are as follows.
 
-## See how it works:
+* Pricing:
 
-AWS Management Console
+   * <a href="https://aws.amazon.com/dynamodb/pricing/" target="_blank">DynamoDB pricing</a> resource used in example: *1 Provisioned Write and 1 Provisioned Read Capacity Unit*
+   * <a href="https://aws.amazon.com/kms/pricing/" target="_blank">KMS pricing</a> resource used in example: *1 KMS key*
 
-* Login to AWS Management Console
-* Launch in CloudFormation encrypted-dynamodb-cf-template.yml (from the repo you cloned)
+## Prerequisites
 
-CloudFormation Fields
+* <a href="https://aws.amazon.com" target="_blank"> Amazon Web Services Account</a>
+* <a href="https://aws.amazon.com/iam/" target="_blank">IAM</a> user with the following permissions:
+   * AWSCloudFormationReadOnlyAccess
+   * AmazonDynamoDBFullAccess
 
-* Stack name (Enter a name to associate to your AWS DynamoDB deployment)**Next**
-* Continue choosing **Next**
-* Click **Create**
+## CloudFormation Template
 
-## Test:
+* The CloudFormation Template is available on GitHub:
+   * <a href="https://github.com/getcft/aws-encrypted-dynamodb-cf-template" target="_blank">aws-encrypted-dynamodb-cf-template</a>
 
-In the AWS Management Console under DynamoDB you should be able to verify the following have been created:
+## Deploy the CloudFormation Template
 
-* 1 encrypted table named "Client_Invoice"
-* 1 Provisioned Write and 1 Provisioned Read Capacity Unit
-* Primary Key "client_email"
-* Sort Key "invoice_number"
+* AWS Management Console
+
+   * Login to *AWS Management Console*
+   * Launch under *CloudFormation* your *encrypted-dynamodb-cf-template.yml* (included in this repo)
+
+* CloudFormation Fields:
+
+   * *Stack name* (Enter a name to associate to your AWS DynamoDB deployment)
+   * Continue choosing *Next*
+   * Click *Create* (This will take a few minutes for resources to be created)
+
+## Results of the CloudFormation Template
+
+In the *AWS Management Console* you should be able to verify the following have been created.
+
+* Resources Created:
+   * 1 KMS AWS owned CMK for encryption
+   * 1 example *Client_Invoice* encrypted DynamoDB table, with a primary partition key *client_email* (type string), and a primary sort key *invoice_number* (type string).
diff --git a/encrypted-aws-dynamodb.png b/encrypted-aws-dynamodb.png
diff --git a/encrypted-dynamodb-cf-template.yml b/encrypted-dynamodb-cf-template.yml
@@ -1,4 +1,4 @@
-# Copyright [2018] [Phil Chen]
+# Copyright [2019] [Phil Chen]
 
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Copyright [2018] [Phil Chen]`
	`1`	`+# Copyright [2019] [Phil Chen]`
`2`	`2`
`3`	`3`	`# Licensed under the Apache License, Version 2.0 (the "License");`
`4`	`4`	`# you may not use this file except in compliance with the License.`