2 回答
- 最新
- 投票最多
- 评论最多
-1
Hello,
You will not be able to use KMS for TDE configuration since TDE is native engine feature and the keys have to be generated from the database itself. But you will be able to store the generated key in AWS CloudHSM. For more information, please check below documents.
- Oracle database transparent data encryption (TDE) with AWS CloudHSM - https://docs.aws.amazon.com/cloudhsm/latest/userguide/oracle-tde.html
- AWS CloudHSM Use Cases (Part One of the AWS CloudHSM Series) - https://aws.amazon.com/blogs/security/aws-cloudhsm-use-cases-part-one-of-the-aws-cloudhsm-series/
已回答 23 天前
-1
Not sure if running DB instance on self-hosted EC2 is a requirement but RDS offers KMS integration: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.Keys.html
已回答 23 天前
相关内容
- AWS 官方已更新 2 年前
- AWS 官方已更新 7 个月前
check out this blog - https://aws.amazon.com/blogs/security/architecting-for-database-encryption-on-aws/
@rePost_koushald - My response is specific to database TDE (Native engine feature). We can use KMS for encryption in RDS (EBS level) but not in database TDE configuration. In the blog link you have shared above, it is clearly mentioned that you can use KMS to encrypt the RDS (Means the EBS attached in the underlying host) but not with TDE feature which comes as native engine feature.
For the databases hosted on EC2 also, you can use KMS to encrypt the EBS only but you cannot use KMS to configure database TDE (Native engine feature).