By using AWS re:Post, you agree to the Terms of Use

Learn AWS faster by following popular topics

see all
1/18

Recent questions

see all
1/18

Data Mesh on AWS Lake Formation

Hi, I'm building a data mesh in AWS Lake Formation. The idea is to have 4 accounts: account 0: main account account 1: central data governance account 2: data producer account 3: data consumer I have been looking for information about how to implement the mesh in AWS and I'm following some tutorials that are very similar to what I'm doing: https://catalog.us-east-1.prod.workshops.aws/workshops/78572df7-d2ee-4f78-b698-7cafdb55135d/en-US/lakeformation-basics/cross-account-data-mesh https://aws.amazon.com/blogs/big-data/design-a-data-mesh-architecture-using-aws-lake-formation-and-aws-glue/ https://aws.amazon.com/blogs/big-data/build-a-data-sharing-workflow-with-aws-lake-formation-for-your-data-mesh/ However, after having created the bucket and uploaded some csv data to it (in the producer account), I don't know if I have to register first to the glue catalog in the producer account or I just do it in the lake formation like it says here: https://catalog.us-east-1.prod.workshops.aws/workshops/78572df7-d2ee-4f78-b698-7cafdb55135d/en-US/lakeformation-basics/databases (is this dependant on if one uses glue permissions or lake formation permissions in lake formation configuration?) Indeed I have done it first the database and the table in glue and then when I go to lake formation in the database and table sections the database and table created from glue appear there without doing anything. Even if I disable there the options: "Use only IAM access control for new databases" "Use only IAM access control for new tables in new databases" both the database and table appear there do you know if glue and lake formations share the data catalog? and I'm doing it correctly? thanks, John
0
answers
0
votes
3
views
asked 7 hours ago

End-to-end encryption (to be or not to be)

Hi community, What is your position on end-to-end encryption (regardless of regulations), but from a practical security point of view. Scenario: classic scenario of a web service being front-ended by an application load balancer. No questions ask we do encryption in transit for the front end part. BUT for the communication between the load balancer and the server the security position of AWS seems to be "encrypt everything" but when i read AWS documentation from sysops perspective i get the following "Terminating secure connections at the load balancer and using HTTP on the backend might be sufficient for your application. Network traffic between AWS resources can't be listened to by instances that are not part of the connection" As a security Practioner, i will push for end to end encryption but i willl like to understand this other point of view from AWS that, when reading it might suggest that the encryption between the load balancer and the EC2 is optional. I am in security now but my background is sysadmin and when i talk to operations people i dont like to just "impose" security regulations/standards/policies etc ... I like to explain why its required from a technical security point of view. When it comes to our on-prem applications ... its easy to explain the risks. But in AWS its a little bit confusing for me to justify my point when they show me AWS documentation stating that it might be enough just by encrypting the front end part of the communications.
1
answers
0
votes
21
views
asked a day ago

Recent articles

see all
1/9