Data Encryption in Amazon S3 Targets

To protect data, you can enable server-side encryption or client-side encryption to encrypt data inserted in Amazon S3 buckets.

Server-side Encryption

Enable server-side encryption if you want Amazon S3 to encrypt the data while uploading the files to the buckets. To enable server-side encryption, select Server Side Encryption as the encryption type in the advanced properties of the data object write operation. Server-side encryption uses Amazon S3-managed keys (SSE-S3) as the encryption type.

Client-side Encryption

Enable client-side encryption if you want the Data Integration Service to encrypt the data while uploading the files to the buckets. Client-side encryption uses a client-side master key as the encryption type. To enable client-side encryption, perform the following tasks:
  1. Ensure that an organization administrator creates a master symmetric key, which is a 256-bit AES encryption key in Base64 format.
  2. Provide the master symmetric key when you create an Amazon S3 connection.
  3. Select Client Side Encryption as the encryption type in the advanced properties of the data object write operation.
  4. Ensure that an organization administrator updates the security JAR files, required by the Amazon S3 client encryption policy, on the machine that hosts the Data Integration Service.
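
Step 1 requires a 256-bit AES key in Base64 format. The following Python sketch is an added example, not Informatica or AWS code: it generates such a key from the operating system's CSPRNG and checks a supplied value before it is entered in the connection. The function names are hypothetical.

```python
import base64
import binascii
import secrets

KEY_BYTES = 32  # 256-bit AES key, as required in step 1


def generate_master_key() -> str:
    """Return a fresh 256-bit key from the OS CSPRNG, Base64-encoded."""
    return base64.b64encode(secrets.token_bytes(KEY_BYTES)).decode("ascii")


def check_master_key(encoded: str) -> bytes:
    """Decode a Base64 master key and confirm it is exactly 256 bits.

    Raises ValueError for the usual mistakes: a hex string pasted in
    place of Base64, a 128-bit key, or a truncated value.
    """
    text = encoded.strip()  # tolerate a trailing newline from a file or CLI
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("master key is not valid Base64") from exc
    if len(raw) != KEY_BYTES:
        raise ValueError(
            f"master key decodes to {len(raw) * 8} bits, expected {KEY_BYTES * 8}"
        )
    return raw


if __name__ == "__main__":
    # Round-trip a generated key; print only its length, never the key itself.
    key = generate_master_key()
    print(f"generated key: {len(key)} Base64 characters, "
          f"{len(check_master_key(key)) * 8} bits")
```

A 64-character hex string consists only of characters from the Base64 alphabet, so it decodes without error to 384 bits; the length check is what catches it.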
The following table lists the environments that support each encryption type:

| Encryption Type        | Native Environment | Blaze Environment | Spark Environment |
|------------------------|--------------------|-------------------|-------------------|
| Server-side Encryption | Yes                | Yes               | Yes               |
| Client-side Encryption | Yes                | No                | No                |

For information about the Amazon S3 client encryption policy, see the Amazon S3 documentation.


Updated July 30, 2020