从 AWS Firehouse 到 S3 的数据安全性
[英]Security in data from AWS Firehouse to S3
问题描述
I want to secure my data in transit from AWS Firehose to S3.
我想保护从 AWS Firehose 传输到 S3 的数据。 I can enable encryption for data at rest in S3 but how can I ensure data is encrypted while it is transferred from Firehose to S3?我可以在 S3 中的 rest 上启用数据加密,但是如何确保数据在从 Firehose 传输到 S3 时被加密? Also, I use Kinesis agent to put data from the web servers to Kinesis Firehose.此外,我使用 Kinesis 代理将来自 web 服务器的数据放入 Kinesis Firehose。 Is there a way to encrypt data while in transit from web servers to Firehose?在从 web 服务器到 Firehose 的传输过程中,有没有办法加密数据?
1 个解决方案
解决方案1
1 已采纳 2020-07-19 13:17:15
Data transfer between services will be using the https endpoint rather than http .服务之间的数据传输将使用https端点而不是http 。
You can ensure that data is transferred to your S3 bucket over HTTPS by by adding a bucket policy that will deny access for non HTTPS based requests such as that below.您可以通过添加一个桶策略来确保数据通过 HTTPS 传输到您的 S3 桶,该策略将拒绝基于非 HTTPS 的请求的访问,如下所示。
{
"Id": "ExamplePolicy",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSSLRequestsOnly",
"Action": "s3:*",
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::awsexamplebucket",
"arn:aws:s3:::awsexamplebucket/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Principal": "*"
}
]
}
The agent again should be communicating over HTTPS to the service only, you can enforce this by removing access to port 80 from your security group or by blocking port 80 access in NACL (although this might be extreme).代理应该再次通过 HTTPS 与服务通信,您可以通过从安全组中删除对端口 80 的访问或通过在 NACL 中阻止端口 80 访问来强制执行此操作(尽管这可能是极端的)。
Additionally if using an EC2 instance add a VPC endpoint for the service(s) you'll be connecting to.此外,如果使用 EC2 实例,请为您将连接到的服务添加VPC 终端节点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.