1 Answer
Hello,
An S3 Bucket Key is not the encryption key itself. Like a data key, it needs a KMS key stored in an HSM to work, but instead of making a call for each object you need to decrypt, it will generate an S3 Bucket Key that lives in a "limited time window" within the S3 bucket to access objects in your bucket. This reduces the cost by reducing the number of API calls to KMS (but does not result in no more calls).
Using an S3 Bucket Key still requires a KMS key, either AWS managed or customer managed. So in my opinion it doesn't affect the FIPS 140-2 validation, since it still involves the HSM and KMS.
More info here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html?icmpid=docs_amazons3_console#bucket-key-changes
answered 2 months ago
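An added example, not part of the answer above and not AWS code: a check that reads a bucket's default-encryption configuration and reports whether an S3 Bucket Key is active and which KMS key is still behind it. The helper name `summarize_default_encryption` is hypothetical, and the sample responses and key ARN are constructed placeholders shaped like the output of S3 `GetBucketEncryption`.

```python
# Constructed samples shaped like the S3 GetBucketEncryption response
# (boto3: s3.get_bucket_encryption). The key ARN is a placeholder.
SAMPLES = {
    "cmk-bucket-key": {"ServerSideEncryptionConfiguration": {"Rules": [{
        "ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms",
            "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        "BucketKeyEnabled": True}]}},
    "aws-managed-no-bucket-key": {"ServerSideEncryptionConfiguration": {"Rules": [{
        "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"},
        "BucketKeyEnabled": False}]}},
    "sse-s3": {"ServerSideEncryptionConfiguration": {"Rules": [{
        "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
}


def summarize_default_encryption(response):
    """Hypothetical helper: one summary dict per default-encryption rule."""
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    summaries = []
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algorithm = default.get("SSEAlgorithm")
        uses_kms = algorithm == "aws:kms"
        if not uses_kms:
            kms_key = None
        else:
            # With SSE-KMS and no key ID, S3 uses the AWS managed key aws/s3.
            kms_key = default.get("KMSMasterKeyID", "AWS managed (aws/s3)")
        summaries.append({
            "algorithm": algorithm,
            "kms_key": kms_key,
            # The flag only matters for SSE-KMS; a KMS key is still in use.
            "bucket_key_active": uses_kms and bool(rule.get("BucketKeyEnabled")),
        })
    return summaries


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, summarize_default_encryption(resp))
```

Against a real bucket, the same function can be fed the dictionary returned by `s3.get_bucket_encryption(Bucket=...)`.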