16 August,2023 by Rambler
Independent AWS encryption refers to encrypting a backup using the AWS KMS (AWS Key Management Service) key associated with the AWS Backup vault. Not all AWS DBMS types support independent encryption when using AWS Backup.
It's important to be aware of independent encryption because it has implications for how you will restore a backup copy. This applies to both Single Region and Multi Region setups.
DynamoDB is supported with independent encryption. You can see this in action by checking a backup copy in the Backup Vault.
If you're using Amazon DynamoDB after enabling Advanced DynamoDB backup, then "DynamoDB backups are always encrypted. The AWS KMS encryption key for DynamoDB backups is configured in the AWS Backup vault that the DynamoDB backups are stored in".
To check whether Advanced DynamoDB backup is configured, use:
aws backup describe-region-settings
For more details on how to interpret the output, use the information provided on Advanced DynamoDB backup.
Some AWS services support their own encryption and not independent encryption by AWS Backup.
AWS Backup's independent encryption means encryption is handled by the AWS Backup vault.
Aurora ==> Independent encryption not supported
RDS ==> Independent encryption not supported
DynamoDB ==> Independent encryption supported
As an added note: regardless of the DBMS encryption state when it is backed up into the vault, the copy (replication) process enforces an encryption key for the copy.
The AWS Backup Developer documentation has a passage detailing the process:
Encryption for backup copies
When you use AWS Backup to copy your backups across accounts or Regions, AWS Backup automatically
encrypts those copies, even if the original backup is unencrypted. AWS Backup encrypts your copy using
the target vault's KMS key.
This is important because if you are attempting to restore a database into another Region, the key must be available in order to restore.
You need to build this logic into the architecture of the backup and recovery process.
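As an added example (not from the original post or from AWS), the following Python sketch interprets the output of `aws backup describe-region-settings` for Advanced DynamoDB backup and checks whether a recovery point's vault and KMS key sit in the Region you plan to restore into. The JSON samples are constructed, and the account ID, vault name and key ID are placeholders.

```python
import json

# Constructed sample of `aws backup describe-region-settings` output.
REGION_SETTINGS = json.loads("""{
  "ResourceTypeOptInPreference": {"Aurora": true, "DynamoDB": true, "RDS": true},
  "ResourceTypeManagementPreference": {"DynamoDB": true, "EFS": true}
}""")

# Constructed `aws backup describe-recovery-point` output (placeholder IDs).
RECOVERY_POINT = json.loads("""{
  "BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:primary-vault",
  "ResourceType": "DynamoDB",
  "IsEncrypted": true,
  "EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
}""")


def arn_region(arn):
    """Return the Region component (fourth field) of an ARN."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3]


def advanced_dynamodb_enabled(settings):
    """True when AWS Backup manages DynamoDB backups (Advanced DynamoDB backup)."""
    prefs = settings.get("ResourceTypeManagementPreference", {})
    return prefs.get("DynamoDB") is True


def restore_findings(settings, rp, restore_region):
    """Return encryption-related reasons a restore in restore_region may fail."""
    findings = []
    if rp["ResourceType"] == "DynamoDB" and not advanced_dynamodb_enabled(settings):
        findings.append("Advanced DynamoDB backup is off: vault key encryption does not apply")
    if not rp.get("IsEncrypted"):
        findings.append("recovery point is not encrypted")
    vault_region = arn_region(rp["BackupVaultArn"])
    if vault_region != restore_region:
        findings.append(f"recovery point vault is in {vault_region}, not {restore_region}")
    key_arn = rp.get("EncryptionKeyArn")
    if key_arn and arn_region(key_arn) != restore_region:
        findings.append(f"KMS key is in {arn_region(key_arn)}, not {restore_region}")
    return findings


if __name__ == "__main__":
    print(restore_findings(REGION_SETTINGS, RECOVERY_POINT, "eu-west-1"))
```

In practice the two dictionaries would come from the CLI's JSON output for the Region and recovery point in question.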