Explain encryption at rest with S3 and KMS?
-
Dear Team Tutorial Dojo,
Encryption at rest, either with S3's own keys or AWS KMS managed keys, is nothing more than a means to meet compliance. Let me explain. If the underlying VM or disk gets stolen, the data can't be read in plaintext.
Else you are better off running client-side TLS and ensuring the data parked in S3 is encrypted in the first place, and not relying on encryption at rest, regardless of whether it's customer managed keys or AWS.
Key policies are just as useless, even though you allow what the user can do to your data. You are better off setting a bucket policy or access point or gateway endpoint.
My understanding is that the objects in S3 should behave like those in databases, as in encrypted, which justifies why they are encrypted at rest.
Thanks and Best Regards,
David
-
Hello David,
Thank you for your feedback.
Please post a snippet of the question so we can look it up.
Thank you once again.
Regards,
JR @ Tutorials Dojo