
Week 7 - Day 4: Encryption and Compliance


1. Encryption at Rest

Encryption at rest options:
- S3: SSE-S3 (AWS managed), SSE-KMS (KMS managed), SSE-C (customer provided), client-side encryption
- EBS: KMS encryption (default or CMK)
- RDS/Aurora: KMS encryption (at creation)
- DynamoDB: AWS owned CMK (default), customer managed CMK
- EFS: KMS encryption

2. Encryption in Transit

TLS/SSL everywhere:
- ALB/NLB HTTPS listeners
- CloudFront HTTPS
- RDS SSL connections
- S3 HTTPS endpoints
- API Gateway HTTPS

ACM (AWS Certificate Manager):
- Free public certificates
- Auto-renewal
- Integration with ALB, CloudFront, API GW
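
A static check that ties sections 1 and 2 together for S3, as an added example that is not part of the original lesson: it inspects a bucket policy for a Deny on non-TLS requests (`aws:SecureTransport`) and a Deny on uploads that do not request SSE-KMS (`s3:x-amz-server-side-encryption`). The bucket name, account ID and both policies are constructed placeholders, and the check is simplified: it matches only exact-string condition values and does not evaluate `Resource` scope.

```python
# Added example: static check of an S3 bucket policy (constructed sample data).
def _as_list(v):
    return v if isinstance(v, list) else [v]

def _deny_everyone(stmt):
    return stmt.get("Effect") == "Deny" and stmt.get("Principal") in ("*", {"AWS": "*"})

def denies_plain_http(policy):
    """True if a Deny for all principals applies when aws:SecureTransport is false."""
    for stmt in _as_list(policy.get("Statement", [])):
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if _deny_everyone(stmt) and str(flag).lower() == "false":
            return True
    return False

def requires_sse_kms(policy):
    """True if PutObject is denied unless the SSE header value is aws:kms (SSE-KMS)."""
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if (_deny_everyone(stmt) and ("s3:putobject" in actions or "s3:*" in actions)
                and cond.get("s3:x-amz-server-side-encryption") == "aws:kms"):
            return True
    return False

def audit(policy):
    findings = []
    if not denies_plain_http(policy):
        findings.append("plain HTTP not denied")
    if not requires_sse_kms(policy):
        findings.append("uploads not restricted to SSE-KMS")
    return findings

# Constructed policies; bucket name and account ID are placeholders.
ALLOW = {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}
WEAK = {"Version": "2012-10-17", "Statement": [ALLOW]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    ALLOW,
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(pol) or "ok")
```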

3. CloudHSM

CloudHSM vs KMS:

| Feature | KMS | CloudHSM |
|---|---|---|
| Management | AWS managed | Customer managed |
| Compliance | FIPS 140-2 L2 | FIPS 140-3 L3 |
| Key access | Multi-tenant | Single-tenant |
| Pricing | Per key/use | Per hour |
| Integration | AWS services | Custom apps |
| Use case | Most cases | Strict compliance |

4. Compliance Programs

AWS Compliance:
- SOC 1, 2, 3
- PCI DSS Level 1
- HIPAA
- FedRAMP
- GDPR
- ISO 27001, 27017, 27018

Tools:
- AWS Artifact (compliance reports)
- AWS Config (conformance packs)
- AWS Audit Manager (assessment)

5. AWS Artifact

Download compliance reports:
- SOC reports
- PCI reports
- ISO certifications
- Agreements (BAA, GDPR DPA)

Use for:
- Audits
- Due diligence
- Compliance evidence
