DynamoDB Encryption
- Server-side Encryption at Rest
  - Enabled by default
  - Uses KMS
  - 256-bit AES Encryption
  - Can use AWS owned CMK, AWS managed CMK, or customer managed CMK
  - Encrypts primary key, secondary indexes, streams, global tables, backups and DAX clusters
- Encryption in transit
  - Use VPC endpoints for applications running in a VPC
  - Use TLS endpoints for encrypting data in transit
DynamoDB Encryption Client
- For client-side encryption
- Adds protection on top of encryption in transit
- Results in end-to-end encryption
- Doesn't encrypt the entire table
- Encrypts the attribute values, but not the attribute names
- Doesn't encrypt values of the primary key attributes
- You can selectively encrypt other attribute values
- You can encrypt selected items in a table, or selected attribute values in some or all items
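
An added example, not part of the original notes and not AWS code: a check over stored items (DynamoDB JSON form) that flags sensitive attributes left in plaintext and lists what stays readable without keys, namely attribute names and primary key values. It assumes the client's metadata attributes are named `*amzn-ddb-map-desc*` and `*amzn-ddb-map-sig*` and that encrypted values are stored as Binary; the items and attribute names are constructed.

```python
# Added example: check stored items (DynamoDB JSON) for client-side encryption coverage.
# Assumption: the two metadata attribute names below are the ones the
# DynamoDB Encryption Client adds to every item it writes.
MATERIAL_DESC = "*amzn-ddb-map-desc*"
SIGNATURE = "*amzn-ddb-map-sig*"


def audit_item(item, key_attrs, sensitive_attrs):
    """Return findings for one item as stored in the table (DynamoDB JSON)."""
    findings = []
    missing = [m for m in (MATERIAL_DESC, SIGNATURE) if m not in item]
    if missing:
        findings.append(
            "not written through the encryption client: missing " + ", ".join(missing)
        )
    for name in sensitive_attrs:
        if name in key_attrs:
            findings.append(f"{name}: primary key values are never encrypted")
        elif name in item and set(item[name]) != {"B"}:
            # Assumption: encrypted values are stored as Binary; other types are plaintext.
            findings.append(f"{name}: stored as plaintext")
    return findings


def readable_without_keys(item, key_attrs):
    """What anyone with read access to the table sees without decryption keys."""
    return {
        "attribute_names": sorted(
            n for n in item if n not in (MATERIAL_DESC, SIGNATURE)
        ),
        "key_values": {k: item[k] for k in key_attrs if k in item},
    }


# Constructed sample items, not real data.
ENCRYPTED = {
    "patient_id": {"S": "p-1001"},
    "diagnosis": {"B": b"\x8f\x11\x02constructed-ciphertext"},
    "visit_count": {"N": "3"},
    MATERIAL_DESC: {"B": b"constructed"},
    SIGNATURE: {"B": b"constructed"},
}
PLAINTEXT = {"patient_id": {"S": "p-1002"}, "diagnosis": {"S": "asthma"}}

if __name__ == "__main__":
    for sample in (ENCRYPTED, PLAINTEXT):
        print(audit_item(sample, ["patient_id"], ["diagnosis"]))
    print(readable_without_keys(ENCRYPTED, ["patient_id"]))
```

The Binary-type test is a heuristic: an attribute that legitimately holds plaintext binary data would pass it, so pair the check with the list of attributes your application is configured to encrypt.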