Does DocumentDB support client side encryption?

1

I understand DocumentDB supports SSE via KMS (1 key per cluster). However, does it support client-side encryption or the AWS encryption SDK?

3 Answers
2

You can use Transport Layer Security (TLS) to encrypt the connection between your application and an Amazon DocumentDB cluster. By default, encryption in transit is enabled for newly created Amazon DocumentDB clusters. It can optionally be disabled when the cluster is created, or at a later time. When encryption in transit is enabled, secure connections using TLS are required to connect to the cluster. For more information on connecting to Amazon DocumentDB using TLS, all details can be found at https://docs.aws.amazon.com/documentdb/latest/developerguide/security.encryption.ssl.html

answered 2 years ago
  • I'm concerned with encryption at rest.

1

The AWS Encryption SDK is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It enables you to focus on the core functionality of your application, rather than on how to best encrypt and decrypt your data.

As mentioned in this link, albeit for S3, it can be used to encrypt or decrypt data to be stored anywhere and gives an explanation on how the SDK works.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html

This answers both questions; however, you have to be aware that the data has to be encrypted and decrypted using the Encryption SDK, and the AWS Encryption SDK cannot interoperate with other libraries because each library returns encrypted data in a different format. Read the developer guide and be sure you understand the concepts and how it works.

https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html

Looking at use cases, you can also enable TLS, as previously answered, which is in the DocumentDB documentation, if the concern was to encrypt data in transit, and enable encryption at rest for the DocumentDB cluster.

https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html

https://docs.aws.amazon.com/documentdb/latest/developerguide/security.encryption.ssl.html

AWS
VLS
answered 2 years ago
AWS
Expert
Luca_I
reviewed 2 years ago
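
An added example, not part of the original answers and not the AWS Encryption SDK or its message format: envelope encryption of selected fields with Node's built-in `crypto` before a document is written to a MongoDB-compatible store such as DocumentDB. The local `masterKey` stands in for a KMS key, and the field names, the `_enc` layout and the sample document are assumptions constructed for illustration.

```javascript
// Added example: envelope encryption of selected document fields with Node's
// built-in crypto. A local 32-byte key stands in for a KMS key (assumption).
const crypto = require('node:crypto');

const SENSITIVE_FIELDS = ['ssn', 'email']; // hypothetical field names

// AES-256-GCM helper: returns base64 of iv || tag || ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Reverse of seal(); throws if the key, the AAD or the ciphertext is wrong.
function open(key, blob, aad) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
}

// Encrypt sensitive fields under a fresh per-document data key, then wrap
// that data key with the master key. Only the wrapped key is stored.
function encryptDocument(masterKey, doc) {
  const dataKey = crypto.randomBytes(32);
  const out = { ...doc, _enc: { wrappedKey: seal(masterKey, dataKey, String(doc._id)) } };
  for (const f of SENSITIVE_FIELDS) {
    if (f in doc) out[f] = seal(dataKey, Buffer.from(JSON.stringify(doc[f])), `${doc._id}:${f}`);
  }
  return out;
}

function decryptDocument(masterKey, stored) {
  const { _enc, ...doc } = stored;
  const dataKey = open(masterKey, _enc.wrappedKey, String(doc._id));
  for (const f of SENSITIVE_FIELDS) {
    if (f in doc) doc[f] = JSON.parse(open(dataKey, doc[f], `${doc._id}:${f}`).toString());
  }
  return doc;
}

// Constructed sample document; `stored` is what would be written to the cluster.
const masterKey = crypto.randomBytes(32);
const sample = { _id: 'u-1001', plan: 'pro', ssn: '000-00-0000', email: 'a@example.com' };
const stored = encryptDocument(masterKey, sample);
```

Fields left in plaintext (`_id`, `plan`) remain queryable server-side; the encrypted fields can only be read by code that holds the key and understands this format. Binding each ciphertext to the document id and field name through the AAD makes a ciphertext moved to another field or document fail authentication.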
0

The latest release of Amazon DocumentDB supports CSFLE. To get started with CSFLE, please refer to this blog

AWS
KT
answered a year ago
