Security in data from AWS Firehouse to S3
Question
I want to secure my data in transit from AWS Firehose to S3. I can enable encryption for data at rest in S3 but how can I ensure data is encrypted while it is transferred from Firehose to S3? Also, I use Kinesis agent to put data from the web servers to Kinesis Firehose. Is there a way to encrypt data while in transit from web servers to Firehose?
1 answers
solution1
1 ACCPTED 2020-07-19 13:17:15
Data transfer between services will be using the https endpoint rather than http .
You can ensure that data is transferred to your S3 bucket over HTTPS by by adding a bucket policy that will deny access for non HTTPS based requests such as that below.
{
"Id": "ExamplePolicy",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSSLRequestsOnly",
"Action": "s3:*",
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::awsexamplebucket",
"arn:aws:s3:::awsexamplebucket/*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Principal": "*"
}
]
}
The agent again should be communicating over HTTPS to the service only, you can enforce this by removing access to port 80 from your security group or by blocking port 80 access in NACL (although this might be extreme).
Additionally if using an EC2 instance add a VPC endpoint for the service(s) you'll be connecting to.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.