
How we can protect data in S3

We can protect data in S3 in two ways.

1. Protecting Data Using Server-Side Encryption

In this case, you ask Amazon S3 to encrypt your object before saving it on disks in its data centers and to decrypt it when you download the object.

How? 

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html



  • Use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) – Each object is encrypted with a unique key employing strong multi-factor encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

    Reference:  Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3).
  • Use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) – Similar to SSE-S3, but with some additional benefits along with some additional charges for using this service. There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption key) that provides added protection against unauthorized access of your objects in S3. SSE-KMS also provides you with an audit trail of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself, or use a default key that is unique to you, the service you're using, and the region you're working in.

    Reference: Protecting Data Using Server-Side Encryption with AWS KMS–Managed Keys (SSE-KMS).
  • Use Server-Side Encryption with Customer-Provided Keys (SSE-C) – You manage encryption/decryption of your data, the encryption keys, and related tools.

    Reference: Protecting Data Using Server-Side Encryption with Customer-Provided Encryption Keys (SSE-C).


2. Protecting Data Using Client-Side Encryption

In this case, you encrypt the data client-side and upload the encrypted data to Amazon S3. You manage the encryption process, the encryption keys, and related tools.

How? 

Option 1: Using an AWS KMS–Managed Customer Master Key (CMK)

Option 2: Using a Client-Side Master Key

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

