Atlas Data Federation can query and analyze unencrypted data in your AWS S3
buckets without additional configuration. However, to read encrypted
data or write data to your S3 buckets using
Data Federation might require additional permissions depending on your S3
The following table describes the required configuration for your
federated database instance to read encrypted data and to use
write data to S3 for each type of AWS S3 encryption.
AWS S3 Encryption Types
Required Data Federation Configuration
Atlas Data Federation supports both reads and writes of data encrypted in S3 buckets using AES-256 AWS Managed Keys by default. No additional configuration is required.
Atlas Data Federation supports both reads and writes of data encrypted in the S3 buckets using SSE with Amazon S3 Managed Keys by default. No additional configuration is required.
Atlas Data Federation can't access data encrypted in the S3 buckets using SSE Customer Managed Symmetric Customer Master Keys by default. For reads and writes, you must add permissions similar to the following to the policy assigned to your IAM role:
To modify the your AWS IAM role trust policy: