Amazon Web Services Navigating GDPR Compliance on AWS
use the AWS Certificate Manager (ACM) service to generate, manage, and deploy the
private and public certificates you use to establish encrypted transport between systems
for your workloads. Elastic Load Balancing is integrated with ACM, so a load balancer can
terminate HTTPS (TLS) connections using an ACM-managed certificate. If your content is
distributed through Amazon CloudFront, CloudFront likewise supports encrypted (HTTPS)
endpoints.
Encryption Tools
AWS offers various highly scalable data encryption services, tools, and mechanisms to
help protect your data stored and processed on AWS. For information about AWS
Service functionality and privacy, see AWS Service Capabilities for Privacy
Considerations7.
Cryptographic services from AWS use a range of encryption and key-storage technologies
that are designed to protect the confidentiality and integrity of your data at rest and in
transit. AWS offers four primary tools for cryptographic operations.
• AWS Key Management Service (AWS KMS) is an AWS managed service that
generates and manages both master keys (KMS keys) and the data keys they protect.
AWS KMS is integrated with many AWS services to provide server-side encryption of
data using KMS keys in your own account. The master keys never leave the KMS
hardware security modules (HSMs) in plaintext; these HSMs are FIPS 140-2 Level 2
validated.
• AWS CloudHSM provides dedicated, single-tenant HSMs that are FIPS 140-2 Level 3
validated. You generate and store your own cryptographic keys in them, including
master keys and data keys, under your exclusive control.
• AWS Cryptographic Services and Tools
o AWS Encryption SDK provides a client-side encryption library that implements
envelope encryption and decryption for any type of data, so data is encrypted
before it leaves your application.
o Amazon DynamoDB Encryption Client provides a client-side encryption library
that encrypts and signs the attribute values of table items before they are sent
to Amazon DynamoDB, so the database service never receives the plaintext.
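The four tools listed above, and the AWS KMS description that follows, all rest on one pattern, envelope encryption: a master key that never leaves the key-management boundary wraps a per-object data key, and that data key encrypts the payload on the client. The Go program below is an added illustration of the pattern and is not AWS code. The `mockKMS` type, its `GenerateDataKey` and `Decrypt` methods, the sample record and the encryption context are constructed for this example, and the ciphertext layouts are not those of AWS KMS or the AWS Encryption SDK.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// mockKMS stands in for the AWS KMS service boundary (hypothetical type for
// this example). In real KMS the master key lives inside an HSM and is never
// exported; here it simply never leaves this struct.
type mockKMS struct {
	masterKey []byte // 32-byte AES-256 key playing the role of the "KMS key"
}

func newMockKMS() (*mockKMS, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &mockKMS{masterKey: k}, nil
}

// aesGCMSeal encrypts plaintext under key with AES-256-GCM and a fresh random
// nonce. Output layout: nonce || ciphertext || tag. aad is authenticated only.
func aesGCMSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// aesGCMOpen reverses aesGCMSeal; any change to ciphertext, tag or aad fails.
func aesGCMOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// GenerateDataKey mirrors the shape of the KMS GenerateDataKey call: it returns
// a fresh plaintext data key for local use plus the same key wrapped under the
// master key. The encryption context is bound into the wrapped blob as AAD
// (json.Marshal sorts map keys, so the encoding is canonical), so Decrypt fails
// unless the identical context is presented again.
func (k *mockKMS) GenerateDataKey(ctx map[string]string) (plaintextKey, wrappedKey []byte, err error) {
	plaintextKey = make([]byte, 32)
	if _, err = rand.Read(plaintextKey); err != nil {
		return nil, nil, err
	}
	aad, _ := json.Marshal(ctx)
	wrappedKey, err = aesGCMSeal(k.masterKey, plaintextKey, aad)
	return plaintextKey, wrappedKey, err
}

// Decrypt unwraps a data key. Only code inside the boundary touches masterKey.
func (k *mockKMS) Decrypt(wrappedKey []byte, ctx map[string]string) ([]byte, error) {
	aad, _ := json.Marshal(ctx)
	return aesGCMOpen(k.masterKey, wrappedKey, aad)
}

// Envelope is what the client stores: data encrypted under the data key, the
// wrapped data key, and the (non-secret) context needed to unwrap it. It holds
// no master key material, which is why it can sit in S3 or DynamoDB.
type Envelope struct {
	Ciphertext []byte
	WrappedKey []byte
	Context    map[string]string
}

// EncryptRecord is the client side of envelope encryption, the pattern the AWS
// Encryption SDK and DynamoDB Encryption Client implement for you.
func EncryptRecord(kms *mockKMS, plaintext []byte, ctx map[string]string) (*Envelope, error) {
	dataKey, wrapped, err := kms.GenerateDataKey(ctx)
	if err != nil {
		return nil, err
	}
	ct, err := aesGCMSeal(dataKey, plaintext, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, WrappedKey: wrapped, Context: ctx}, nil
}

// DecryptRecord asks the key-management boundary to unwrap the data key, then
// decrypts locally. ctx must match the context used at encryption time.
func DecryptRecord(kms *mockKMS, env *Envelope, ctx map[string]string) ([]byte, error) {
	dataKey, err := kms.Decrypt(env.WrappedKey, ctx)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return aesGCMOpen(dataKey, env.Ciphertext, nil)
}

func main() {
	kms, err := newMockKMS()
	if err != nil {
		panic(err)
	}
	// Constructed sample record and encryption context for the demonstration.
	ctx := map[string]string{"tenant": "acme", "purpose": "gdpr-demo"}
	env, err := EncryptRecord(kms, []byte("name=Jane Doe;dob=1980-01-01"), ctx)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptRecord(kms, env, ctx)
	fmt.Printf("decrypted: %s (err=%v)\n", pt, err)
	_, err = DecryptRecord(kms, env, map[string]string{"tenant": "other"})
	fmt.Println("wrong encryption context:", err)
}
```

The second `DecryptRecord` call shows the operational point of an encryption context: the stored envelope is intact, but because a different context is presented the unwrap is refused, so a caller cannot use a wrapped key outside the context it was issued for. The same property is what makes per-tenant or per-purpose contexts useful when you need to demonstrate that personal data was only ever decrypted for its declared purpose.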
AWS Key Management Service
AWS Key Management Service (AWS KMS) is a managed service that makes it easy
for you to create and control the encryption keys used to encrypt your data, and uses
Hardware Security Modules (HSMs) to protect the security of your keys. AWS KMS is
integrated with several other AWS services to help you protect the data you store with