Security - Media Insights on AWS

Security

This section describes how we architected this solution using the principles and best practices of the security pillar.

AWS highly recommends that customers encrypt sensitive data in transit and at rest. Media Insights on AWS automatically encrypts media files and metadata at rest with Amazon S3 server-side encryption (SSE).

The Media Insights on AWS solution’s Amazon SNS topics and Amazon DynamoDB tables are also encrypted at rest using SSE.

Media Insights on AWS uses AWS Identity and Access Management (AWS IAM) to authorize REST API requests. Refer to the documentation for your chosen HTTP client to learn how to use IAM in your application.

To adhere to security best practices, the solution’s stack creates a dedicated AWS Key Management Service (AWS KMS) customer-managed key in your account. To access data derived by Media Insights on AWS outside of the Media Insights on AWS interfaces (such as its APIs and data pipelines), you must have access to that encryption key and use it to decrypt the data. If the key is deleted, the data is irrecoverable. Rotation of customer-managed keys is the responsibility of the customer. For more information, refer to AWS KMS concepts in the AWS KMS Developer Guide.
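A check for the two key risks described above (deletion and rotation), as an added example that is not part of the AWS documentation or the solution's own code. It assumes boto3, a symmetric key with KMS-generated material, and that you supply the key's ID, ARN or alias yourself; `audit_key` and `ConstructedKms` are hypothetical names, and the stand-in's responses are constructed.

```python
import sys


def audit_key(kms, key_id):
    """Return findings for one KMS key. `kms` is a boto3 KMS client or a
    stand-in exposing describe_key and get_key_rotation_status."""
    meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
    findings = []
    if meta.get("KeyManager") != "CUSTOMER":
        findings.append("not a customer-managed key")
    state = meta.get("KeyState")
    if state == "PendingDeletion":
        # After deletion completes, data encrypted under the key is irrecoverable.
        findings.append(f"scheduled for deletion on {meta.get('DeletionDate')}")
    elif state != "Enabled":
        findings.append(f"key state is {state}, so decryption will fail")
    else:
        # The rotation call takes a key ID or ARN (not an alias), so use the ARN.
        # Assumption: symmetric key with KMS-generated key material.
        status = kms.get_key_rotation_status(KeyId=meta["Arn"])
        if not status["KeyRotationEnabled"]:
            findings.append("automatic rotation is disabled")
    return findings


class ConstructedKms:
    """Offline stand-in returning constructed responses (not real AWS output)."""

    def __init__(self, state="Enabled", rotation=False):
        self.state, self.rotation = state, rotation

    def describe_key(self, KeyId):
        return {"KeyMetadata": {
            "Arn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
            "KeyManager": "CUSTOMER", "KeyState": self.state,
            "DeletionDate": "2030-01-01" if self.state == "PendingDeletion" else None}}

    def get_key_rotation_status(self, KeyId):
        return {"KeyRotationEnabled": self.rotation}


if __name__ == "__main__":
    if len(sys.argv) == 2:
        import boto3  # needs kms:DescribeKey and kms:GetKeyRotationStatus
        client, key = boto3.client("kms"), sys.argv[1]
    else:
        client, key = ConstructedKms("PendingDeletion"), "alias/constructed-example"
    problems = audit_key(client, key)
    print("\n".join(f"{key}: {p}" for p in problems) or f"{key}: ok")
    sys.exit(1 if problems else 0)
```

Run with a key identifier as the only argument to query your account; with no argument it runs against the constructed stand-in and exits non-zero because that key is pending deletion.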