AWS Resource Encryption Best Practices

Implementing Data Encryption for Enhanced Security


Question

You work at a company that makes use of AWS resources.

One of the key security policies is to ensure that all data is encrypted both at rest and in transit.

Which of the following is the right implementation which aligns with this policy?

Answers

A. Use S3 Server-side encryption for data encryption at rest and SSL termination on ELB for data encryption in transit.

B. Use S3 Server-side encryption for data encryption in transit and SSL termination on ELB for data encryption at rest.

C. Enabling Proxy Protocol.

D. Enabling sticky sessions on your load balancer.

Explanations

Answer - A.

Option A is CORRECT because enabling S3 SSE encrypts data at rest in S3, and SSL termination on the ELB encrypts traffic between the client and the ELB.

Option B is incorrect because server-side encryption is for encryption at rest and SSL termination on ELB is for encryption in transit; option B has the two swapped.

Option C is incorrect because Proxy Protocol does not ensure encryption of data at rest or in transit.

Proxy Protocol feature allows you to identify the client's connection information when using TCP load balancing, providing additional insight into visitors to your applications.

This information can be useful for analyzing traffic logs, gathering connection statistics, troubleshooting, or managing whitelists of IP addresses.

With Proxy Protocol support, the client's IP address and port are included in the header of the request sent to the back-end servers when using TCP load balancing.

Option D is incorrect because sticky sessions are a routing feature and do not provide data encryption.

The correct implementation that aligns with the given security policy of encrypting data both at rest and in transit is option A: Use S3 Server-side encryption for data encryption at rest and SSL termination on ELB for data encryption in transit.

Here's a detailed explanation of each option:

A. Use S3 Server-side encryption for data encryption at rest and SSL termination on ELB for data encryption in transit. In this option, S3 server-side encryption is used to encrypt data at rest in S3 buckets. SSL termination is used on the Elastic Load Balancer (ELB) to ensure data encryption in transit between clients and the load balancer, and between the load balancer and EC2 instances. SSL termination is a process that decrypts SSL traffic at the load balancer and forwards it to the backend instances in plaintext.

B. Use S3 Server-side encryption for data encryption in transit and SSL termination on ELB for data encryption at rest. This option is incorrect because S3 server-side encryption is used to encrypt data at rest in S3 buckets, not in transit. SSL termination on ELB is used for data encryption in transit, not at rest.

C. Enabling Proxy Protocol. Proxy Protocol is not related to data encryption. It is a protocol used to pass client connection information (such as IP address and port) to backend instances through a proxy or load balancer.

D. Enabling sticky sessions on your load balancer. Enabling sticky sessions on a load balancer is used to ensure that a client is always routed to the same backend instance. This option is not related to data encryption.

In summary, option A is the correct implementation that aligns with the given security policy of encrypting data both at rest and in transit. S3 server-side encryption is used for data encryption at rest in S3 buckets, and SSL termination on ELB is used for data encryption in transit between clients and the load balancer, and between the load balancer and EC2 instances.
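As an added example that is not part of the original question set, the check below evaluates the two controls named in option A against configuration data shaped like the boto3 responses to `get_bucket_encryption` and classic ELB `describe_load_balancers` (the bucket, load balancer and key values are constructed, not from a real account). It also reports the caveat in the explanation above: with SSL terminated at the ELB, a listener whose instance protocol is HTTP or TCP forwards the backend leg in plaintext.

```python
"""Policy check: S3 data encrypted at rest (default SSE) and load balancer traffic
encrypted in transit (TLS listeners). Inputs follow the boto3 response shapes for
s3.get_bucket_encryption and elb.describe_load_balancers; samples are constructed."""

TLS_PROTOCOLS = {"HTTPS", "SSL"}  # classic ELB listener protocols that carry TLS


def bucket_at_rest_encrypted(encryption_config: dict) -> bool:
    """True when a default SSE rule (SSE-S3 'AES256' or SSE-KMS 'aws:kms') is set."""
    rules = encryption_config.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    return any(
        rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") in ("AES256", "aws:kms")
        for rule in rules
    )


def listener_findings(lb_description: dict) -> list:
    """One finding per listener leg that is not TLS-protected. SSL termination on the
    ELB covers only client->ELB; an HTTP/TCP InstanceProtocol leaves ELB->instance plaintext."""
    findings = []
    for entry in lb_description.get("ListenerDescriptions", []):
        lst = entry["Listener"]
        front = f"{lst['Protocol']}:{lst['LoadBalancerPort']}"
        back = f"{lst['InstanceProtocol']}:{lst['InstancePort']}"
        if lst["Protocol"] not in TLS_PROTOCOLS:
            findings.append(f"{front} accepts unencrypted client traffic")
        if lst["InstanceProtocol"] not in TLS_PROTOCOLS:
            findings.append(f"{front} -> {back}: backend leg is plaintext (TLS ends at the ELB)")
    return findings


def evaluate(encryption_config: dict, lb_description: dict) -> dict:
    """Summarise at-rest and in-transit posture; end_to_end_tls also covers the backend leg."""
    listeners = [e["Listener"] for e in lb_description.get("ListenerDescriptions", [])]
    findings = listener_findings(lb_description)
    return {
        "at_rest": bucket_at_rest_encrypted(encryption_config),
        "client_leg_tls": bool(listeners) and all(l["Protocol"] in TLS_PROTOCOLS for l in listeners),
        "end_to_end_tls": bool(listeners) and not findings,
        "findings": findings,
    }


# Constructed sample: SSE-KMS bucket; ELB terminating HTTPS to HTTP backends plus a plain TCP listener
SAMPLE_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/example-key"}}]}}
SAMPLE_ELB = {"LoadBalancerName": "web-elb", "ListenerDescriptions": [
    {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443, "InstanceProtocol": "HTTP", "InstancePort": 80,
                  "SSLCertificateId": "arn:aws:acm:PLACEHOLDER"}},
    {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8080, "InstanceProtocol": "TCP", "InstancePort": 8080}}]}

if __name__ == "__main__":
    for line in evaluate(SAMPLE_BUCKET, SAMPLE_ELB)["findings"]:
        print(line)
```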