PowerExchange for Amazon S3 User Guide

Amazon S3 Data Encryption

To protect data, you can enable server-side encryption or client-side encryption to encrypt data inserted in Amazon S3 buckets.
You can encrypt data by using the master symmetric key or customer master key. Do not use the master symmetric key and customer master key together.
You can select the type of encryption that you want to use in the Encryption Type advanced properties for the data object write operation. You can select one of the following encryption types:
None
The data is not encrypted.
Server Side Encryption
Select Server Side Encryption as the encryption type if you want Amazon S3 to encrypt the data using Amazon S3-managed encryption keys when you write the files to the target.
Server Side Encryption With KMS
If you select Server Side Encryption With KMS as the encryption type, the Unload command creates the staging files in the Amazon S3 bucket and Amazon S3 encrypts the file using the AWS KMS-managed customer master key or Amazon Resource Name (ARN) for server-side encryption.
The AWS KMS-managed customer master key specified in the connection property must belong to the same region where Amazon S3 is hosted. For example, if Amazon S3 is hosted in the US West (Oregon) region, you must use the AWS KMS-managed customer master key enabled in the same region when you select the Server Side Encryption With KMS encryption type.
You cannot use the Server Side Encryption With KMS encryption type on MapR 6.1 distribution.
Client Side Encryption
Select Client Side Encryption as the encryption type if you want the Data Integration Service to encrypt the data when you write the files to the target. Client-side encryption uses a master symmetric key or customer master key that you specify in the Amazon S3 connection properties to encrypt data.
Client-side encryption is applicable only when you run a mapping in the native environment.
If you specify both the master symmetric key and customer master key ID in the connection properties, and select client-side encryption, the Data Integration Service uses the customer master key ID to encrypt data.
To enable client-side encryption, perform the following tasks:
  1. Ensure that an organization administrator creates a master symmetric key or customer master key ID when you create an Amazon S3 connection.
    The administrator user of the account can use the default customer master key ID to enable the client-side encryption.
  2. Select Client Side Encryption as the encryption type in the advanced properties of the data object write operation.
  3. Ensure that an organization administrator updates the security JAR files, required by the Amazon S3 client encryption policy, on the machine that hosts the Data Integration Service.
When you select client-side encryption and run a mapping to read or write an Avro, ORC, or Parquet file, the mapping runs successfully. However, the Data Integration Service ignores the client-side encryption.
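The following table lists the encryption types that each environment supports:

| Encryption Type                 | Native Environment | Blaze Environment | Databricks Environment | Spark Environment |
|---------------------------------|--------------------|-------------------|------------------------|-------------------|
| Server Side Encryption          | Yes                | Yes               | Yes                    | Yes               |
| Client Side Encryption          | Yes                | No                | No                     | No                |
| Server Side Encryption With KMS | Yes                | No                | Yes                    | Yes               |
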
For information about the Amazon S3 client encryption policy, see the Amazon S3 documentation.
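
The rules above can be checked before a mapping runs. The following added example (not part of the Informatica product or this guide) encodes the support table, the Avro/ORC/Parquet caveat, the MapR 6.1 restriction and the KMS region requirement as a pre-flight check. The function names, parameter names and lowercase environment labels are assumptions, and the sample key ARN is constructed.

```python
# Added example, not Informatica code. Every name below is hypothetical.
SUPPORT = {  # encryption type -> environments from the support table on this page
    "Server Side Encryption": {"native", "blaze", "databricks", "spark"},
    "Client Side Encryption": {"native"},
    "Server Side Encryption With KMS": {"native", "databricks", "spark"},
}
CSE_IGNORED_FORMATS = {"avro", "orc", "parquet"}  # client-side encryption is ignored


def kms_arn_region(key):
    """Return the region field of a KMS key ARN, or None for a bare key ID."""
    parts = key.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "kms":
        return parts[3]
    return None


def check_write_config(enc_type, environment, file_format, bucket_region,
                       master_symmetric_key=None, customer_master_key=None,
                       distribution=None):
    """Return findings for one write operation; an empty list means none."""
    if enc_type == "None":
        return ["data is not encrypted"]
    if enc_type not in SUPPORT:
        return [f"unknown encryption type: {enc_type!r}"]
    findings = []
    env = environment.lower()
    if env not in SUPPORT[enc_type]:
        findings.append(f"{enc_type} is not supported in the {env} environment")
    if master_symmetric_key and customer_master_key:
        findings.append("master symmetric key and customer master key are both set")
    if enc_type == "Client Side Encryption" and file_format.lower() in CSE_IGNORED_FORMATS:
        # The mapping still succeeds, so this is the silent failure to catch.
        findings.append(f"client-side encryption is ignored for {file_format} files")
    if enc_type == "Server Side Encryption With KMS":
        if distribution == "MapR 6.1":
            findings.append("Server Side Encryption With KMS cannot be used on MapR 6.1")
        region = kms_arn_region(customer_master_key or "")
        if region and region != bucket_region:
            findings.append(f"KMS key region {region} differs from bucket region {bucket_region}")
    return findings


if __name__ == "__main__":
    # Constructed sample: placeholder account ID and key ID, bucket in US West (Oregon).
    arn = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
    for finding in check_write_config("Server Side Encryption With KMS", "Spark",
                                      "csv", "us-west-2", customer_master_key=arn):
        print("FINDING:", finding)
```

A bare key ID carries no region, so the region check only applies when the connection property holds a full key ARN.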
