Hi, what are the different configurations that Snowplow supports to enable data security during transit?
Here are our pipeline components:
tracker embedded in mobile app → API gateway → collector → Kinesis streams → enricher → Kinesis streams → loader
Can someone help out, please?
Not sure if this helps, but if you are wondering about the encryption of data in transport between the mobile app and the collector, that relies on the standard HTTPS protocol (unless you use HTTP in your configuration, which we do not recommend), which uses TLS for encryption.
Thank you @matus for the response. How is the encryption of the data happening in communication between the collector and Kinesis?
Hi @Shalini_Balakrishnan, the Kinesis API operates under only HTTPS endpoints (Amazon Kinesis Data Streams endpoints and quotas - AWS General Reference).
As such, when sending data to it, it is encrypted using TLS, which leverages asymmetric encryption with public and private key pairs (the private key in this case owned by AWS to decrypt the payloads sent).
If you then want to encrypt the data at rest in the Kinesis Stream you can enable that as well yourself. The documentation for this is here (How Do I Get Started with Server-Side Encryption? - Amazon Kinesis Data Streams).
You can also see how this is done in Terraform in our Open Source module here:
- terraform-aws-kinesis-stream/main.tf at main · snowplow-devops/terraform-aws-kinesis-stream · GitHub
- terraform-aws-kinesis-stream/variables.tf at main · snowplow-devops/terraform-aws-kinesis-stream · GitHub
Hope this helps explain how encryption for the pipeline operates a bit better!
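An added example, not part of the thread and not code from the snowplow-devops Terraform module: a minimal Terraform sketch of the server-side encryption described in the answer above, applied to both Kinesis hops in the pipeline. The resource names, stream names, alias and shard settings are assumptions chosen for illustration.

```hcl
# Constructed example: every name and value here is an assumption, not taken
# from the snowplow-devops/terraform-aws-kinesis-stream module.

# Customer-managed key, so the key policy, rotation and CloudTrail audit of
# key usage stay under your control. Specifying "alias/aws/kinesis" as the
# key instead would use the AWS-managed key.
resource "aws_kms_key" "streams" {
  description             = "Encrypts Snowplow Kinesis streams at rest"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_kms_alias" "streams" {
  name          = "alias/snowplow-streams" # hypothetical alias
  target_key_id = aws_kms_key.streams.key_id
}

# One stream per hop: collector -> enricher ("raw"), enricher -> loader ("enriched").
resource "aws_kinesis_stream" "pipeline" {
  for_each = toset(["raw", "enriched"]) # hypothetical stream names

  name             = "snowplow-${each.key}"
  shard_count      = 1
  retention_period = 24

  # The provider default is "NONE", which leaves records unencrypted at rest.
  encryption_type = "KMS"
  kms_key_id      = aws_kms_key.streams.arn
}

# Expose the resulting setting so a plan/apply review shows it per stream.
output "stream_encryption" {
  value = { for k, s in aws_kinesis_stream.pipeline : k => s.encryption_type }
}
```

With a customer-managed key, the IAM roles that write to the streams (collector, enricher) need `kms:GenerateDataKey` on the key, and the roles that read from them (enricher, loader) need `kms:Decrypt`.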
@josh, thank you so much, that answers all my doubts.