AWS, AWS Interview Question

What are the different types of encryption mechanisms available in AWS to encrypt data at rest in S3?

Data protection refers to protecting data while in transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers).

1. Server-Side Encryption

Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects.

2. Client-Side Encryption

Encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

You can protect data in transit using Secure Sockets Layer (SSL) or client-side encryption.

In more depth:
Server-Side Encryption has 3 types:

1. Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
2. Use Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS)
3. Use Server-Side Encryption with Customer-Provided Keys (SSE-C)

Client-Side Encryption has 2 types:

1. Using a CMK Stored in AWS KMS
2. Using a Master Key Stored Within Your Application
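As an added example (not part of the original post, and not AWS SDK code), the following shows how each of the three server-side modes is selected on an S3 PutObject request through its `x-amz-server-side-encryption*` headers, and a small classifier that mirrors what a "deny unencrypted uploads" bucket policy condition would see. It runs offline with the standard library only; the header names are the documented S3 ones, the key material is constructed inline.

```python
"""Added example: S3 server-side encryption request headers per mode, plus a
classifier that mirrors a bucket-policy check for unencrypted uploads."""
import base64
import hashlib
from typing import Optional

SSE_HEADER = "x-amz-server-side-encryption"
KMS_KEY_HEADER = "x-amz-server-side-encryption-aws-kms-key-id"
SSEC_ALG_HEADER = "x-amz-server-side-encryption-customer-algorithm"
SSEC_KEY_HEADER = "x-amz-server-side-encryption-customer-key"
SSEC_MD5_HEADER = "x-amz-server-side-encryption-customer-key-MD5"


def sse_headers(mode: str, kms_key_id: Optional[str] = None,
                customer_key: Optional[bytes] = None) -> dict:
    """Headers to add to a PutObject request to select the given SSE mode."""
    if mode == "SSE-S3":                 # S3 generates and manages the AES-256 key
        return {SSE_HEADER: "AES256"}
    if mode == "SSE-KMS":                # key is a CMK held in AWS KMS
        hdrs = {SSE_HEADER: "aws:kms"}
        if kms_key_id:                   # omitted -> account's default aws/s3 key
            hdrs[KMS_KEY_HEADER] = kms_key_id
        return hdrs
    if mode == "SSE-C":                  # caller supplies the 256-bit key per request
        if customer_key is None or len(customer_key) != 32:
            raise ValueError("SSE-C needs a 32-byte AES-256 key")
        # S3 does not store this key (only a salted HMAC of it); the MD5 header
        # lets S3 detect a key corrupted in transit. Must be sent over TLS.
        return {
            SSEC_ALG_HEADER: "AES256",
            SSEC_KEY_HEADER: base64.b64encode(customer_key).decode(),
            SSEC_MD5_HEADER: base64.b64encode(
                hashlib.md5(customer_key).digest()).decode(),
        }
    raise ValueError(f"unknown mode {mode!r}")


def sse_mode_of(headers: dict) -> Optional[str]:
    """Classify an upload the way bucket-policy condition keys would see it.
    Returns None for a plaintext upload, i.e. what a Deny statement rejects."""
    h = {k.lower(): v for k, v in headers.items()}   # HTTP headers are case-insensitive
    if h.get(SSE_HEADER) == "AES256":
        return "SSE-S3"
    if h.get(SSE_HEADER) == "aws:kms":
        return "SSE-KMS"
    # SSE-C is NOT visible under s3:x-amz-server-side-encryption; a policy that
    # wants to allow it must test s3:x-amz-server-side-encryption-customer-algorithm.
    if h.get(SSEC_ALG_HEADER) == "AES256":
        return "SSE-C"
    return None
```

A policy that only checks `s3:x-amz-server-side-encryption` will therefore deny SSE-C uploads as if they were unencrypted, which is the usual surprise when mixing the modes.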
