Security practices for managing Datalake

Hello, I am in the planning phase of a Datalake project and came across Lake Formation, which seems to be the preferred way. I understand that essentially it is a group of S3 buckets, so resiliency & durability is not an issue. First, I want to understand encryption of data at rest in S3 buckets. Should it be AWS managed keys, customer managed KMS keys in the same account, or customer managed KMS keys from a different account? Second, the number of IAM roles based on the least privilege principle. Is there a set number of roles that should be created with set policies based on function, like analyst, administrator, etc.? Any other gotchas that I should be aware of? I would appreciate hearing from anyone who has experience.

No Answers
