Does DocumentDB support client side encryption?

1

I understand DocumentDB supports SSE via KMS (1 key per cluster). However, does it support client-side encryption or the AWS encryption SDK?

3 Answers
2

You can use Transport Layer Security (TLS) to encrypt the connection between your application and an Amazon DocumentDB cluster. By default, encryption in transit is enabled for newly created Amazon DocumentDB clusters. It can optionally be disabled when the cluster is created, or at a later time. When encryption in transit is enabled, secure connections using TLS are required to connect to the cluster. For more information on connecting to Amazon DocumentDB using TLS, all details can be found at https://docs.aws.amazon.com/documentdb/latest/developerguide/security.encryption.ssl.html

answered 2 years ago
  • I'm concerned with encryption at rest.

1

The AWS Encryption SDK is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It enables you to focus on the core functionality of your application, rather than on how to best encrypt and decrypt your data.

As mentioned in this link, albeit for S3, it can be used to encrypt or decrypt data to be stored anywhere and gives an explanation on how the SDK works.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html

This answers both questions; however, you have to be aware that the data has to be encrypted and decrypted using the Encryption SDK, and the AWS Encryption SDK cannot interoperate with other libraries because each library returns encrypted data in a different format. Read the developer guide and be sure you understand the concepts and how it works.

https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html

Looking at use cases, you can also enable TLS as previously answered which is in the DocumentDB documentation if the concern was to encrypt data in transit and enable encryption at rest for the DocumentDB cluster.

https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html

https://docs.aws.amazon.com/documentdb/latest/developerguide/security.encryption.ssl.html

AWS
VLS
answered 2 years ago
AWS
EXPERT
Luca_I
reviewed 2 years ago
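
The client-side approach discussed in the answer above, as an added example that is not from the answer or from AWS: one field is envelope-encrypted with Node's built-in `crypto` before the document would be written to DocumentDB. Assumptions: a locally generated key stands in for a KMS-protected wrapping key, and the `demo-envelope-v1` tag, function names and sample document are hypothetical; this is not the AWS Encryption SDK message format.

```javascript
const crypto = require('node:crypto');

// ASSUMPTION: a local random key stands in for a KMS-protected wrapping key.
const WRAPPING_KEY = crypto.randomBytes(32);
// Hypothetical format tag; each library has its own format, so readers must check it.
const FORMAT = 'demo-envelope-v1';

function aesGcmEncrypt(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
}

function aesGcmDecrypt(key, blob, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(aad);
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key, ciphertext or authenticated context does not match.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Encrypt one field under a fresh data key. The context (document id, field name) is
// authenticated, so a ciphertext copied to another document or field fails to decrypt.
function encryptField(value, context) {
  const aad = Buffer.from(JSON.stringify(context));
  const dataKey = crypto.randomBytes(32);
  return {
    fmt: FORMAT,
    wrappedKey: aesGcmEncrypt(WRAPPING_KEY, dataKey, aad).toString('base64'),
    data: aesGcmEncrypt(dataKey, Buffer.from(JSON.stringify(value)), aad).toString('base64'),
  };
}

function decryptField(env, context) {
  if (env.fmt !== FORMAT) throw new Error('unsupported envelope format: ' + env.fmt);
  const aad = Buffer.from(JSON.stringify(context));
  const dataKey = aesGcmDecrypt(WRAPPING_KEY, Buffer.from(env.wrappedKey, 'base64'), aad);
  return JSON.parse(aesGcmDecrypt(dataKey, Buffer.from(env.data, 'base64'), aad).toString());
}

// Only `ssn` is encrypted; `_id` and `name` remain in plaintext and stay queryable.
function protectDocument(doc) {
  return { ...doc, ssn: encryptField(doc.ssn, { id: doc._id, field: 'ssn' }) };
}
```

The object returned by `protectDocument` is what the driver would insert; the cluster's KMS encryption at rest then applies on top of the already-encrypted field.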
0

The latest release of Amazon DocumentDB supports CSFLE. To get started with CSFLE, please refer to this blog

AWS
KT
answered a year ago
