Configuration for S3 Encryption¶
Atlas Data Lake can query and analyze unencrypted data in your AWS S3
buckets without additional configuration. However, to read encrypted
data or write data to your S3 buckets using
Data Lake might require additional permissions depending on your S3
The following table describes the required configuration for your
Data Lake to read encrypted data and to use
write data to S3 for each type of AWS S3 encryption.
AWS S3 Encryption Types
Required Data Lake Configuration
Atlas Data Lake supports both reads and writes of data encrypted in S3 buckets using AES-256 AWS Managed Keys by default. No additional configuration is required.
Atlas Data Lake supports both reads and writes of data encrypted in the S3 buckets using SSE with Amazon S3 Managed Keys by default. No additional configuration is required.
Atlas Data Lake can't access data encrypted in the S3 buckets using SSE Customer Managed Symmetric Customer Master Keys by default. For reads and writes, you must add permissions similar to the following to the policy assigned to your IAM role:
To modify the your AWS IAM role trust policy: