SOA-C03 - Security and Compliance - Section 4.4
Protect data using AWS KMS encryption at rest, AWS Certificate Manager for encryption in transit, and AWS Secrets Manager for secret storage.
Protect data at rest by encrypting storage with AWS Key Management Service customer-managed keys, secure data in transit using TLS certificates provisioned through AWS Certificate Manager, and manage credentials and API keys in AWS Secrets Manager with automatic rotation. Recognise when to use Secrets Manager over Parameter Store for secret values that require programmatic rotation.
AWS Key Management ServiceAWS Certificate ManagerAWS Secrets ManagerEncryption at rest
More in this domain
Back to all Security and Compliance objectives, or the SOA-C03 cert hub.
Examworthy is not affiliated with or endorsed by Amazon Web Services. Original, blueprint-aligned practice material only.