Using Server-Side Encrypt Data AWS KMS to Integrate With Mule-4 AWS-S3 Connector

This article demonstrates how to use AWS KMS server-side encryption when integrating data with the Mule 4 AWS S3 Connector.

By Sadik Ali · Jan. 16, 21 · Tutorial

Purpose

To demonstrate MuleSoft integration with an S3 bucket that has KMS server-side encryption enabled.

Table of Contents

  • What is AWS KMS?
  • Key Rotation; AWS configuration for KMS and S3 Bucket.
  • Mule 4 connector configuration.
  • Tutorial video.

Scenarios

  • Publish data to an S3 bucket that has server-side encryption enabled.
  • Publish data to an S3 bucket that has server-side encryption disabled.

What Is AWS KMS?

AWS Key Management Service (AWS KMS) is a managed service that makes it easy to create and manage the encryption keys used to encrypt data.

AWS Key Management Service process graphic.

The process starts with the plaintext, which is encrypted with a data key and an encryption algorithm to produce the encrypted data. The encrypted data is then stored in a storage service (e.g., S3). KMS then takes the data key and encrypts it with a master key and an encryption algorithm, which results in an encrypted data key that is stored alongside the data.

Key Rotation; AWS Configuration for KMS and S3 Bucket

  • You cannot manage key rotation for AWS managed CMKs. AWS KMS automatically rotates AWS managed keys every three years (1095 days).
  • When you enable automatic key rotation, AWS KMS rotates the CMK 365 days after the enable date and every 365 days thereafter.

Characteristics 

  • KMS stores Customer Master Keys (CMKs); a CMK is a logical representation of a key.
  • A key can be generated by KMS or imported.
  • The encrypted data keys are stored with the data.
  • A CMK never leaves KMS and never leaves its region.
  • A CMK can encrypt or decrypt data up to 4 KB in size.
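
The envelope flow described under "What Is AWS KMS?" and the 4 KB limit listed above, as an added example that is not from the original article. `LocalKms` is a hypothetical in-process stand-in for KMS (no AWS calls are made), and AES-256-GCM is an assumed algorithm choice.

```javascript
const crypto = require('node:crypto');

const KMS_MAX_PLAINTEXT = 4096; // the 4 KB limit on direct encryption under a CMK

// AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or any byte of the sealed value was altered.
function open(key, sealed) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Hypothetical local stand-in for KMS: the master key stays in a private
// field, so callers only ever handle data keys (wrapped or plaintext).
class LocalKms {
  #masterKey = crypto.randomBytes(32);
  encrypt(plaintext) {
    if (plaintext.length > KMS_MAX_PLAINTEXT) throw new RangeError('plaintext exceeds 4096 bytes');
    return seal(this.#masterKey, plaintext);
  }
  decrypt(blob) { return open(this.#masterKey, blob); }
  generateDataKey() {
    const plaintext = crypto.randomBytes(32);
    return { plaintext, ciphertextBlob: this.encrypt(plaintext) };
  }
}

// Encrypt an object of any size under a fresh data key and keep the
// wrapped data key next to the ciphertext, as the text describes.
function putEncrypted(kms, data) {
  const { plaintext: dataKey, ciphertextBlob } = kms.generateDataKey();
  const stored = { encryptedDataKey: ciphertextBlob, ciphertext: seal(dataKey, data) };
  dataKey.fill(0); // drop the plaintext data key once the object is sealed
  return stored;
}

// Unwrap the data key with the master key, then decrypt the object.
function getDecrypted(kms, stored) {
  const dataKey = kms.decrypt(stored.encryptedDataKey);
  try { return open(dataKey, stored.ciphertext); } finally { dataKey.fill(0); }
}
```

Only the 60-byte wrapped data key ever passes through the master key, which is why the object itself can be far larger than 4 KB.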

| Resource | Default Limit | Applies To |
|---|---|---|
| Customer Master Keys (CMKs) | 1000 | Customer managed CMKs |
| Aliases | 1100 | Customer created alias |
| Key policy document size | 32 KB (32,768 bytes) | Customer managed CMKs, AWS managed CMKs |
| Grants per CMK | 2500 | Customer managed CMKs |
| Grants for a given principal per CMK | 500 | Customer managed CMKs, AWS managed CMKs |

Mule 4 Connector Configuration

Anypoint Connector for Amazon S3 (Amazon S3 Connector) implements connectivity to the Amazon S3 API, allowing you to interface with Amazon S3 to store objects, download and manage data with other AWS services, and develop applications that demand internet storage.

Anypoint Connector for Amazon S3 screenshot.

Create a Symmetric Customer Managed Key

KMS screenshot.

Create AWS S3 Bucket (Server-Side Encryption Enabled)

AWS S3 Bucket screenshot.

AWS S3 Bucket screenshot continued.

Create AWS S3 Bucket (Server-Side Encryption Disabled)

Without KMS Key screenshot.

  • MuleSoft 4 AWS S3 Connector configuration
    • Request with KMS Key

      Request with KMS Key screenshot.

    • Request without KMS Key

      Request without KMS Key screenshot.

Data Uploaded in AWS S3 Bucket 

Data Uploaded in AWS S3 Bucket screenshot.

Tutorial Video

