Data in Transit
💡 Definition
Data in Transit (or data in motion) refers to data that is actively moving from one location to another, such as across the internet or within a private network. Protecting data in transit involves encryption to prevent interception (eavesdropping).
🔑 Key Concepts
- SSL/TLS (Secure Sockets Layer / Transport Layer Security): The standard protocols for establishing authenticated and encrypted links between networked computers. SSL is the deprecated predecessor; modern deployments use TLS.
- HTTPS: The secure version of HTTP, which runs HTTP over a TLS connection.
- VPN: Encrypts traffic between your on-premises network and your VPC (AWS Site-to-Site VPN uses IPsec tunnels).
- AWS Certificate Manager (ACM): Provisions, manages, and renews the SSL/TLS certificates used by your AWS services.
⚙️ How it Works
When data is transmitted, it is encrypted at the source and decrypted at the destination. An attacker intercepting the packets in between would only see scrambled, unreadable data. TLS also authenticates the server through its certificate, so the client can confirm it is talking to the intended endpoint rather than an impostor.
🎯 Use Cases
- Web Traffic: Securing communication between a user's browser and your website (Load Balancer, CloudFront).
- API Calls: All calls to AWS APIs are encrypted via HTTPS.
- Data Transfer: Replicating data between S3 buckets across Regions.
💰 Pricing Model
- AWS Certificate Manager: Public SSL/TLS certificates are free.
- Data Transfer: Standard data transfer rates apply.
📝 Exam Tips (CLF-C02)
- Use SSL/TLS (HTTPS) to protect data in transit.
- AWS Certificate Manager (ACM) handles certificates.
- VPN connections provide encryption for hybrid connectivity.
See Also:
- Data at Rest
- Load Balancer
- CloudFront