Menu
×
   ❮   
HTML CSS JAVASCRIPT SQL PYTHON JAVA PHP HOW TO W3.CSS C C++ C# BOOTSTRAP REACT MYSQL JQUERY EXCEL XML DJANGO NUMPY PANDAS NODEJS R TYPESCRIPT ANGULAR GIT POSTGRESQL MONGODB ASP AI GO KOTLIN SASS VUE DSA GEN AI SCIPY AWS CYBERSECURITY DATA SCIENCE
     ❯   

AWS Serverless Protect Your Data in Transit and at Rest


Protect Your Data in Transit and at Rest

The first step in protecting your data is by encrypting it.

The reason for that is URL parameters like request path and query strings are not always encrypted.

Encryption is the process of converting data from plain text to unreadable format.

If you use the standard output to write logs, you risk exposing unencrypted sensitive data.

Sensitive data should be encrypted before processing to maintain end-to-end encryption.

Also, avoid sending or storing unencrypted sensitive data in an HTTP request path/query string.

Remember that you are in charge of the inputs and outputs.

To secure your Lambda functions, use IAM permissions and roles with limited scope.

Create smaller functions that accomplish specific tasks and don't share IAM roles.

Use IAM roles to give permissions between services.


Protect Your Data in Transit and at Rest Video

W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.


Data Protection Best Practices

To encrypt the data, you can use AWS Key Management Service (KMS).

Alongside that, you can rely on serverless data protection best practices:

  • Learn how to use AWS managed services to lessen your security load
  • Think about security at every point of integration in your distributed system
  • Limit access to your Lambda functions and other AWS services using IAM permissions and roles
  • Create smaller Lambda functions that perform scoped activities
  • Don’t share IAM roles between functions
  • Use environment variables or AWS Secrets Manager to deliver data to a Lambda function.

Avoid sending or storing unencrypted sensitive data in an HTTP request.

Also, avoid sending or storing unencrypted sensitive data in the Lambda function's standard output.


Summary of data encryption options

The table below shows encryption options for AWS data stores.

Data store Encryption at Rest
Amazon S3
Configure server-side encryption with:
1. Amazon S3 managed keys
2. Customer master keys (CMKs) stored in AWS Key Management Service (KMS)
3. Customer provided keys
Amazon DynamoDB
At rest, secure data using encryption keys stored in AWS KMS
When creating a table, you may use AWS service keys or customer-controlled keys
Amazon ElastiCache for Redis Optional encryption through AWS KMS utilizing either AWS managed or client given master keys

Related reads:

Protecting Amazon SQS Data Using Server-Side Encryption (SSE) and AWS KMS
Amazon SNS Adds Server-Side Encryption (SSE)

AWS Serverless Exercises

Test Yourself With Exercises

Exercise:

Which AWS service can you use to encrypt data?

AWS   Service

Start the Exercise


×

Contact Sales

If you want to use W3Schools services as an educational institution, team or enterprise, send us an e-mail:
sales@w3schools.com

Report Error

If you want to report an error, or if you want to make a suggestion, send us an e-mail:
help@w3schools.com

W3Schools is optimized for learning and training. Examples might be simplified to improve reading and learning. Tutorials, references, and examples are constantly reviewed to avoid errors, but we cannot warrant full correctness of all content. While using W3Schools, you agree to have read and accepted our terms of use, cookie and privacy policy.

Copyright 1999-2024 by Refsnes Data. All Rights Reserved. W3Schools is Powered by W3.CSS.