To protect data, you can enable server-side encryption or client-side encryption to encrypt data inserted in Amazon S3 buckets.
Enable server-side encryption if you want Amazon S3 to encrypt the data while uploading the files to the buckets. To enable server-side encryption, select
Server Side Encryption
as the encryption type in the advanced properties of the data object write operation. Server-side encryption uses Amazon S3-managed keys (SSE-S3) as the encryption type.
Enable client-side encryption if you want the Data Integration Service to encrypt the data while uploading the files to the buckets. Client-side encryption uses client-side master key as the encryption type. To enable client-side encryption, perform the following tasks:
Ensure that an organization administrator creates a master symmetric key, which is a 256-bit AES encryption key in Base64 format.
Provide the master symmetric key when you create an Amazon S3 connection.
Client Side Encryption
as the encryption type in the advanced properties of the data object write operation.
Ensure that an organization administrator updates the security JAR files, required by the Amazon S3 client encryption policy, on the machine that hosts the Data Integration Service.
The following table lists the encryption type for the support for various environments:
For information about the Amazon S3 client encryption policy, see the