Answers
Here are the answers to this chapter’s questions:
- The AWS Encryption SDK is a client-side library that’s designed to make encryption more accessible and manageable for developers. It enhances data protection, both at rest and in transit, and can be used across various AWS services and even outside the AWS environment. It offers features such as data key caching, a suite of robust encryption algorithms, and message protection, making it developer-friendly and cost-efficient.
- Key rotation is crucial for maintaining robust cryptography. KMS supports automatic key rotation for CMKs, where new key material is generated every year. You also have the option to manually rotate keys. When a key is rotated, the key material changes, but the key ID remains the same.
- RDS supports volume encryption using keys managed through KMS. It also allows for field-level encryption either through application-level logic or native TDE features provided by certain database...
