
Encryption at rest and in transit in DynamoDB - Step-by-Step Execution

Concept Flow - Encryption at rest and in transit
1. Data Created
2. Encrypt Data Before Storage
3. Store Encrypted Data in DynamoDB
4. Data Stored at Rest (Encrypted)
5. Request Data Retrieval
6. Data Sent Over Network (Encrypted)
7. Data Received and Decrypted by Client
Data is encrypted before saving in DynamoDB (at rest) and also encrypted when sent over the network (in transit).
Execution Sample
1. PutItem with encryption enabled
2. Data stored encrypted in DynamoDB
3. GetItem request sent over TLS
4. Data received and decrypted by client
Shows how data is encrypted before storage and encrypted again during network transfer.
Execution Table
| Step | Action | Data State | Encryption Type | Result |
|------|--------|------------|-----------------|--------|
| 1 | Create data item | Plain text | None | Data ready to store |
| 2 | Encrypt data before storing | Encrypted | Encryption at rest | Data encrypted locally |
| 3 | Store encrypted data in DynamoDB | Encrypted | Encryption at rest | Data saved securely |
| 4 | Request data retrieval | Encrypted | Encryption in transit (TLS) | Request sent securely |
| 5 | Data sent over network | Encrypted | Encryption in transit (TLS) | Data protected during transfer |
| 6 | Client receives data | Encrypted | Encryption in transit (TLS) | Data ready to decrypt |
| 7 | Client decrypts data | Plain text | Decryption | Data usable by client |
| 8 | End | Plain text | None | Process complete |
💡 Process ends after client decrypts data for use
Variable Tracker
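| Variable | Start | After Step 2 | After Step 3 | After Step 5 | After Step 7 |
|----------|-------|--------------|--------------|--------------|--------------|
| data | Plain text | Encrypted | Encrypted | Encrypted | Plain text |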
Key Moments - 2 Insights
Why is data encrypted twice, once at rest and once in transit?
Data is encrypted at rest to protect it while it is stored on disk (see Steps 2 and 3). It is encrypted in transit to protect it while it moves over the network (see Step 5). Each protects the data in a different place.
When does the data become plain text again?
Data becomes plain text only after the client decrypts it upon receiving it (see Step 7). Before that, it stays encrypted.
Visual Quiz - 3 Questions
Test your understanding
Looking at the execution table, at which step is the data first encrypted?
A. Step 4
B. Step 1
C. Step 2
D. Step 6
💡 Hint
Check the 'Data State' and 'Encryption Type' columns in Step 2
At which step does the data travel securely over the network?
A. Step 3
B. Step 5
C. Step 7
D. Step 1
💡 Hint
Look for 'Encryption in transit (TLS)' in the 'Encryption Type' column
If encryption at rest were disabled, which step would change?
A. Steps 2 and 3 would show data as plain text
B. Step 5 would show unencrypted data
C. Step 7 would not decrypt data
D. Step 1 would encrypt data
💡 Hint
Refer to 'Data State' in Steps 2 and 3 in the execution table
Concept Snapshot
Encryption at rest means data is encrypted when stored in DynamoDB.
Encryption in transit means data is encrypted while moving over the network.
DynamoDB uses encryption at rest automatically.
Data is sent over TLS to secure it in transit.
Clients decrypt data after receiving it.
Both protect data from unauthorized access.
Full Transcript
This visual execution shows how data is protected in DynamoDB by encrypting it at rest and in transit. First, data is created in plain text. Before storing, it is encrypted locally to protect it on disk. DynamoDB stores this encrypted data securely. When a client requests data, the request and response travel over the network encrypted using TLS. The client receives the encrypted data and decrypts it to use. This process ensures data is safe both when stored and when moving across the network.
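To check both protections on a real table rather than take them on trust, the following added example (not part of the original page) inspects a `DescribeTable` response for the at-rest key in use and tests whether an IAM policy refuses DynamoDB calls made without TLS. The sample responses, table names, key ARN, policy and function names are constructed for illustration; DynamoDB applies at-rest encryption on the service side, with an AWS owned key unless a KMS key is configured.

```python
from urllib.parse import urlparse

# Constructed, trimmed DescribeTable responses; names and key ARN are placeholders.
OWNED = {"Table": {"TableName": "orders-example"}}
KMS = {"Table": {"TableName": "payments-example", "SSEDescription": {
    "Status": "ENABLED", "SSEType": "KMS",
    "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}}

# Constructed IAM policy that refuses DynamoDB calls made without TLS.
TLS_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": "dynamodb:*", "Resource": "*",
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}


def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def at_rest_key(resp):
    """Report which kind of key protects the table at rest."""
    table = resp["Table"]
    sse = table.get("SSEDescription")
    if sse is None:
        # DescribeTable omits SSEDescription when the default AWS owned key is used.
        return {"table": table["TableName"], "key": "aws-owned", "status": None, "arn": None}
    # A status other than ENABLED (e.g. UPDATING) means a key change is in progress.
    return {"table": table["TableName"], "key": "kms",
            "status": sse.get("Status"), "arn": sse.get("KMSMasterKeyArn")}


def denies_plain_http(policy):
    """True if a Deny statement covers DynamoDB when aws:SecureTransport is false."""
    for stmt in as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        bools = {k.lower(): as_list(v)
                 for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
        no_tls = any(str(v).lower() == "false"
                     for v in bools.get("aws:securetransport", []))
        if (stmt.get("Effect") == "Deny" and no_tls
                and any(a in ("*", "dynamodb:*") for a in actions)):
            return True
    return False


def endpoint_uses_tls(endpoint_url):
    """True only for https:// endpoints, which is what an SDK client should use."""
    return urlparse(endpoint_url).scheme == "https"
```

With boto3, the input to `at_rest_key` would be the dictionary returned by `describe_table` for the table being audited.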