1 Answer
- Newest
- Most votes
- Most comments
0
Hi,
The AWS Database Encryption SDK seems provide what you ask for:
Working with multitenant databases
With the AWS Database Encryption SDK, you can configure client-side encryption for
databases with a shared schema by isolating each tenant with distinct encryption materials.
When considering a multitenant database, take some time to review your security requirements
and how multitenancy might impact them. For example, using a multitenant database might
impact your ability to combine the AWS Database Encryption SDK with another server-side encryption
solution.
The documentation starting point is here: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/configure.html#config-multitenant-databases
This blog post implements the solution: https://aws.amazon.com/blogs/database/multi-tenant-data-isolation-with-postgresql-row-level-security/
Best,
Didier
Relevant content
- asked 3 years ago
- asked 4 months ago
- AWS OFFICIALUpdated 2 years ago
- How do I end long-running queries in my Amazon RDS for PostrgreSQL or Aurora PostgreSQL DB instance?AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 8 months ago
Hello, Didier. I do not intent to use multi-tenant database for this project. The solution I am looking for is targeting the isolation of the end user from the cloud service provider, not among the end users themselfs. At the current scenario the referred App works perfecly in the browser and the clients data is saved "directly" in the cloud database without encryption and read without decryption. This way, the part that provides the cloud service have access to the clients data (wich is not allowed for the purpose that the App is used for). I am looking for a black box between the client and the cloud database in order to perform the encryption (before send) and the decryption once received (withoud saving the data in the client machine eather). It is clear to me that this black box could be implemmented in a hardware or software format and that it will reside in client side for each one of them. I am looking to implemment the software format. Some sort of row cryptography with the black box in the middle. I am using PostgreSQL as a database (could pgAdmin help?) Will the solution you suggest fullfill the requirments I presented? Thanks