Encryption:
While in-transit .ie. data traveling to and from Amazon S3-use
SSL/TLS and while at rest .ie. data stored on disks in Amazon S3 data centers - use SSE, CSE.
Server Side Encryption options (SSE):
- SSE-S3: AWS S3 Managed keys. Each object encrypted with unique key. Cost effective.
- SSE-KMS: Customer Master Keys stored in AWS Key Management Service.
- SSE-C: Customer-Provided keys
Client Side Encryption (CSE):
Encrypting data before sending it to Amazon S3.
Image by Markus Spiske from Pixabay
Top comments (0)