[
https://issues.apache.org/jira/browse/HADOOP-16732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mingliang Liu updated HADOOP-16732:
-----------------------------------
Release Note:
Support server-side encrypted DynamoDB table for S3Guard. Users don't need to
do anything (provide any configuration or change application code) if they
don't want to enable server side encryption. Existing tables and the default
configuration values will keep existing behavior, which is encrypted using
Amazon owned customer master key (CMK).
To enable server side encryption, users can set
"fs.s3a.s3guard.ddb.table.sse.enabled" as true. This uses Amazon managed CMK
"alias/aws/dynamodb". When it's enabled, a user can also specify her own custom
KMS CMK with config "fs.s3a.s3guard.ddb.table.sse.cmk".
Adding release notes.
> S3Guard to support encrypted DynamoDB table
> -------------------------------------------
>
> Key: HADOOP-16732
> URL: https://issues.apache.org/jira/browse/HADOOP-16732
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Reporter: Mingliang Liu
> Assignee: Mingliang Liu
> Priority: Major
> Fix For: 3.3.0
>
>
> S3Guard is not yet supporting [encrypted DynamoDB
> table|https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.tutorial.html].
> We can provide an option to enable encrypted DynamoDB table so data at rest
> could be encrypted. S3Guard data in DynamoDB usually is not sensitive since
> it's the S3 namespace mirroring, but some times even this is a concern. By
> default it's not enabled.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
