Menu
×
My W3Schools Get Certified Spaces Plus Get Certified Spaces Plus
   ❮   
HTML CSS JAVASCRIPT SQL PYTHON JAVA PHP HOW TO W3.CSS C C++ C# BOOTSTRAP REACT MYSQL JQUERY EXCEL XML DJANGO NUMPY PANDAS NODEJS R TYPESCRIPT ANGULAR GIT POSTGRESQL MONGODB ASP AI GO KOTLIN SASS VUE DSA GEN AI SCIPY AWS CYBERSECURITY DATA SCIENCE
     ❯   

AWS Serverless Protect Your Data in Transit and at Rest

❮ Previous Next ❯

Protect Your Data in Transit and at Rest

The first step in protecting your data is by encrypting it.

The reason for that is URL parameters like request path and query strings are not always encrypted.

Encryption is the process of converting data from plain text to unreadable format.

If you use the standard output to write logs, you risk exposing unencrypted sensitive data.

Sensitive data should be encrypted before processing to maintain end-to-end encryption.

Also, avoid sending or storing unencrypted sensitive data in an HTTP request path/query string.

Remember that you are in charge of the inputs and outputs.

To secure your Lambda functions, use IAM permissions and roles with limited scope.

Create smaller functions that accomplish specific tasks and don't share IAM roles.

Use IAM roles to give permissions between services.

Protect Your Data in Transit and at Rest Video

W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.

Data Protection Best Practices

To encrypt the data, you can use AWS Key Management Service (KMS).

Alongside that, you can rely on serverless data protection best practices:

  • Learn how to use AWS managed services to lessen your security load
  • Think about security at every point of integration in your distributed system
  • Limit access to your Lambda functions and other AWS services using IAM permissions and roles
  • Create smaller Lambda functions that perform scoped activities
  • Don’t share IAM roles between functions
  • Use environment variables or AWS Secrets Manager to deliver data to a Lambda function.

Avoid sending or storing unencrypted sensitive data in an HTTP request.

Also, avoid sending or storing unencrypted sensitive data in the Lambda function's standard output.

Summary of data encryption options

The table below shows encryption options for AWS data stores.

Data store Encryption at Rest
Amazon S3
Configure server-side encryption with:
1. Amazon S3 managed keys
2. Customer master keys (CMKs) stored in AWS Key Management Service (KMS)
3. Customer provided keys
Amazon DynamoDB
At rest, secure data using encryption keys stored in AWS KMS
When creating a table, you may use AWS service keys or customer-controlled keys
Amazon ElastiCache for Redis Optional encryption through AWS KMS utilizing either AWS managed or client given master keys

Related reads:

Protecting Amazon SQS Data Using Server-Side Encryption (SSE) and AWS KMS
Amazon SNS Adds Server-Side Encryption (SSE)

AWS Serverless Exercises

Test Yourself With Exercises

Exercise:

Which AWS service can you use to encrypt data?

AWS   Service

Start the Exercise

❮ Previous Next ❯
SPACES
UPGRADE
AD-FREE
NEWSLETTER
GET CERTIFIED
CONTACT US
×

Contact Sales

If you want to use W3Schools services as an educational institution, team or enterprise, send us an e-mail:
sales@w3schools.com

Report Error

If you want to report an error, or if you want to make a suggestion, send us an e-mail:
help@w3schools.com

Top Tutorials
HTML Tutorial
CSS Tutorial
JavaScript Tutorial
How To Tutorial
SQL Tutorial
Python Tutorial
W3.CSS Tutorial
Bootstrap Tutorial
PHP Tutorial
Java Tutorial
C++ Tutorial
jQuery Tutorial
Top References
HTML Reference
CSS Reference
JavaScript Reference
SQL Reference
Python Reference
W3.CSS Reference
Bootstrap Reference
PHP Reference
HTML Colors
Java Reference
Angular Reference
jQuery Reference
Top Examples
HTML Examples
CSS Examples
JavaScript Examples
How To Examples
SQL Examples
Python Examples
W3.CSS Examples
Bootstrap Examples
PHP Examples
Java Examples
XML Examples
jQuery Examples
Get Certified
 HTML Certificate
CSS Certificate
JavaScript Certificate
Front End Certificate
SQL Certificate
Python Certificate
PHP Certificate
jQuery Certificate
Java Certificate
C++ Certificate
C# Certificate
XML Certificate
FORUM ABOUT CLASSROOM
W3Schools is optimized for learning and training. Examples might be simplified to improve reading and learning.
Tutorials, references, and examples are constantly reviewed to avoid errors, but we cannot warrant full correctness
of all content. While using W3Schools, you agree to have read and accepted our terms of use, cookie and privacy policy.

Copyright 1999-2024 by Refsnes Data. All Rights Reserved. W3Schools is Powered by W3.CSS.