Encryption

To protect sensitive data, you can encrypt Teradata data volumes by setting the EBS Encryption parameter when launching a Teradata ecosystem or launching Teradata Database using CloudFormation. This setting encrypts the data volumes using a default customer master key (CMK) when using either launch method. Encryption is supported only for m4 instance types.

If you create and manage a CMK using the AWS Key Management Service or bring your own encryption keys, Teradata refers to these as non-default CMKs.

Although you cannot encrypt the root drive when launching a Teradata ecosystem, you can encrypt the root drive when launching Teradata Database using CloudFormation. To encrypt the root drive, a custom CMK encryption CloudFormation template is required, but is not available on the AWS Marketplace. Due to the complexity of this process, you must contact Teradata Professional Services to schedule an appointment so they can provide the template and assistance in encrypting any of the following:
  • Data volumes using a non-default CMK
  • Root volume using a default CMK or a non-default CMK

If a node fails, the replacement node inherits the encryption setting of the failed node.

If you are unfolding, the new nodes inherit the encryption setting.

If you deploy AWS systems using AWS Marketplace products with multiple AWS accounts, the custom CMK encryption CloudFormation template needs modifications. You must contact Teradata Professional Services.
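To confirm after a launch, node replacement, or unfold that every node carries the same encryption setting, the volume states this page describes can be audited from AWS CLI JSON output. The sketch below is an added example, not Teradata or AWS code. It assumes the "default CMK" corresponds to the AWS-managed `alias/aws/ebs` key, and it uses constructed sample data (instance IDs, key IDs and the account number are made up) shaped like the output of `aws ec2 describe-instances`, `aws ec2 describe-volumes` and `aws kms list-aliases`.

```python
from collections import Counter

DEFAULT_EBS_ALIAS = "alias/aws/ebs"  # assumption: this is the page's "default CMK"
ARN = "arn:aws:kms:us-east-1:111122223333:key/"  # constructed account and region

# Constructed sample data; field names follow AWS CLI JSON, values are made up.
ALIASES = [{"AliasName": "alias/aws/ebs", "TargetKeyId": "key-default"},
           {"AliasName": "alias/example-custom", "TargetKeyId": "key-custom"}]
INSTANCES = [{"InstanceId": f"i-node{n}", "RootDeviceName": "/dev/xvda"} for n in (1, 2, 3)]

def vol(node, device, key=None):
    """Build one describe-volumes style record (hypothetical helper for the sample)."""
    v = {"Encrypted": key is not None,
         "Attachments": [{"InstanceId": node, "Device": device}]}
    if key:
        v["KmsKeyId"] = ARN + key
    return v

# node1/node2: data volume on the default CMK, root unencrypted; node3 has drifted.
VOLUMES = [vol("i-node1", "/dev/xvda"), vol("i-node1", "/dev/xvdb", "key-default"),
           vol("i-node2", "/dev/xvda"), vol("i-node2", "/dev/xvdb", "key-default"),
           vol("i-node3", "/dev/xvda"), vol("i-node3", "/dev/xvdb")]

def classify(volume, default_ids):
    """Return unencrypted, default-cmk or non-default-cmk for one volume."""
    if not volume.get("Encrypted"):
        return "unencrypted"
    key_id = volume.get("KmsKeyId", "").rsplit("/", 1)[-1]  # key ID is the ARN's last segment
    return "default-cmk" if key_id in default_ids else "non-default-cmk"

def audit(instances, volumes, aliases):
    """Map each node to the encryption state of its root and data volumes."""
    default_ids = {a["TargetKeyId"] for a in aliases
                   if a["AliasName"] == DEFAULT_EBS_ALIAS and a.get("TargetKeyId")}
    roots = {i["InstanceId"]: i["RootDeviceName"] for i in instances}
    report = {iid: {"root": "missing", "data": set()} for iid in roots}
    for v in volumes:
        state = classify(v, default_ids)
        for att in v.get("Attachments", []):
            node = report.get(att["InstanceId"])
            if node is None:
                continue  # volume belongs to an instance outside this system
            kind = "root" if att["Device"] == roots[att["InstanceId"]] else "data"
            if kind == "root":
                node["root"] = state
            else:
                node["data"].add(state)
    return report

def drifted_nodes(report):
    """Nodes whose root/data encryption state differs from the majority of nodes."""
    sig = {iid: (r["root"], frozenset(r["data"])) for iid, r in report.items()}
    majority = Counter(sig.values()).most_common(1)[0][0]
    return sorted(iid for iid, s in sig.items() if s != majority)
```

Any node returned by `drifted_nodes` did not inherit the setting the rest of the system uses and should be investigated before it holds data.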
