Reputation: 523
Data Integrity S3 During Transit for Large File
I'm new to encryption, so my question might seem basic. Despite reading multiple articles, I'm still unsure if I fully understand.
I have an S3 bucket, bucket_a, which will be used by different AWS accounts to upload data. The frequency of file uploads can be as frequent as every 5 minutes, and the size of each file can vary from 1KB to 100MB. I want to ensure that the data uploaded to bucket_a is encrypted in transit with KMS for an added layer of security over TLS.
I attempted to encrypt the bucket with asymmetric KMS and provide the public key to clients for data uploads. However, encrypting larger data with the public key is failing.
Another approach I read about is hybrid encryption, where data is sent using a symmetric key and the symmetric key is encrypted with the public key. My confusion with this approach is:
- How can services like Glue/Glue Crawler decrypt the file content? Do I need to explicitly handle this?
- With the symmetric key approach, do I need to explicitly manage file decryption?
Can someone help answer these questions or guide me to resources that can help me understand this better?
Upvotes: 0
Views: 36
Answers (0)
Related Questions
- AWS kms encryption with asymmetric key using C#
- Which is an appropriate way to encrypt message of size greater than 4KB?
- Amazon S3 Bucket Encryptions - KMS vs AES256
- How does AWS KMS/ AWS services protect the plain text data-key in transit?
- Envelop encryption large file
- Kinesis Firehose KMS encryption
- Require KMS encryption with specific key ID in S3 bucket policy