1 Answer
Hello,
An S3 Bucket Key is not the encryption key itself. Like a data key, it needs a KMS key stored in an HSM to work, but instead of making a call for each object you need to decrypt, it generates an S3 Bucket Key that lives for a "limited time window" within the S3 bucket to access objects in your bucket. This reduces the cost by reducing the number of API calls to KMS (but does not eliminate them).
Using an S3 Bucket Key still requires a KMS key, either AWS managed or customer managed. So in my opinion it doesn't affect the FIPS 140-2 validation, since it still involves the HSM and KMS.
More info here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html?icmpid=docs_amazons3_console#bucket-key-changes
Answered 2 months ago
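An added example (not part of the answer above and not AWS code): per the AWS documentation linked in the answer, once an S3 Bucket Key is enabled, KMS CloudTrail events log the bucket ARN rather than the object ARN in the encryption context. The sketch below tallies S3-driven KMS calls by that distinction, so an auditor can confirm that KMS is still in the path and see which buckets use bucket keys. The records, the bucket names and the `mk` helper are constructed for illustration; field names are assumed to follow the CloudTrail record layout.

```python
import re
from collections import Counter

# S3 ARN in any partition (aws, aws-cn, aws-us-gov): bucket, optional /key
S3_ARN = re.compile(r"^arn:aws[\w-]*:s3:::([^/]+)(/.+)?$")

def mk(name, ctx, source="kms.amazonaws.com"):
    """Build a constructed, minimal CloudTrail-style record (hypothetical helper)."""
    return {"eventSource": source, "eventName": name,
            "requestParameters": {"encryptionContext": ctx}}

# Constructed sample records; bucket and object names are made up.
SAMPLE_EVENTS = [
    mk("GenerateDataKey", {"aws:s3:arn": "arn:aws:s3:::example-legacy/a.csv"}),
    mk("GenerateDataKey", {"aws:s3:arn": "arn:aws:s3:::example-legacy/b.csv"}),
    mk("Decrypt", {"aws:s3:arn": "arn:aws:s3:::example-legacy/a.csv"}),
    mk("GenerateDataKey", {"aws:s3:arn": "arn:aws:s3:::example-bk"}),
    mk("Decrypt", {"aws:ebs:id": "vol-0000example"}),   # KMS call, but not from S3
    mk("PutObject", {}, source="s3.amazonaws.com"),     # S3 event, not a KMS call
]

def classify(event):
    """Return (bucket, mode) for an S3-driven KMS call, else None."""
    if event.get("eventSource") != "kms.amazonaws.com":
        return None
    if event.get("eventName") not in ("GenerateDataKey", "Decrypt"):
        return None
    ctx = (event.get("requestParameters") or {}).get("encryptionContext") or {}
    m = S3_ARN.match(ctx.get("aws:s3:arn", ""))
    if not m:
        return None
    # Object ARN in the context: one KMS call per object (no bucket key).
    # Bucket ARN in the context: the call was made for a bucket-level key.
    return m.group(1), "per-object" if m.group(2) else "bucket-key"

def summarize(events):
    """Count S3-driven KMS calls per (bucket, mode)."""
    return Counter(c for c in map(classify, events) if c)

if __name__ == "__main__":
    for (bucket, mode), n in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{bucket:16} {mode:11} {n}")
```

A bucket that shows only `bucket-key` entries is still producing KMS events, just far fewer of them than one per object.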