
AWS Redshift database encryption


Is it possible to use different encryption for different databases inside of a single Redshift?

In other words, I mean that in the (theoretical) case of, for example, a hard drive stolen from an AWS data center, hackers will be unable to decrypt all databases on this drive with the same key?


Solution

  • It appears that:

    • Each data block on disk is encrypted with a different encryption key
    • Those encryption keys are then encrypted using a Database Encryption Key
    • That key is encrypted with a Cluster Encryption Key
    • That key is encrypted in AWS KMS with an encryption key specifically for Redshift in your account (as opposed to EC2, etc)

    See: Amazon Redshift Database Encryption
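
The key hierarchy listed in the answer can be modelled offline. The sketch below is an added example, not code from the answer or from AWS: the HMAC-based `seal`/`unseal` pair is a toy stand-in for a real cipher such as AES, all function names are hypothetical, and storing every wrapped key next to the data is a modelling assumption that gives the worst case for the stolen-drive scenario in the question.

```python
import hashlib, hmac, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (toy stand-in for AES).
    blocks = (_mac(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC with separate subkeys derived from `key`."""
    enc, auth, nonce = _mac(key, b"enc"), _mac(key, b"auth"), secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + body + _mac(auth, nonce + body)

def unseal(key, blob):
    enc, auth = _mac(key, b"enc"), _mac(key, b"auth")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(auth, nonce + body)):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(body, _stream(enc, nonce, len(body))))

def build_disk(blocks, root_key):
    """Model of the on-disk state: every key stored here is wrapped."""
    cek = secrets.token_bytes(32)  # cluster encryption key
    dek = secrets.token_bytes(32)  # database encryption key
    disk = {"cek": seal(root_key, cek), "dek": seal(cek, dek), "blocks": []}
    for data in blocks:
        block_key = secrets.token_bytes(32)  # a different key per data block
        disk["blocks"].append((seal(dek, block_key), seal(block_key, data)))
    return disk

def read_block(disk, root_key, index):
    """Unwrap root -> CEK -> DEK -> block key -> data."""
    cek = unseal(root_key, disk["cek"])
    dek = unseal(cek, disk["dek"])
    wrapped_key, ciphertext = disk["blocks"][index]
    return unseal(unseal(dek, wrapped_key), ciphertext)

if __name__ == "__main__":
    root = secrets.token_bytes(32)  # stands in for the KMS key; never on the disk
    disk = build_disk([b"constructed row 1", b"constructed row 2"], root)
    print(read_block(disk, root, 0))
    try:
        read_block(disk, secrets.token_bytes(32), 0)  # disk without the KMS key
    except ValueError as err:
        print("stolen disk:", err)
```

In this model the drive holds only ciphertext and wrapped keys, so reading any block requires the top-level key that stays in KMS.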