Field-level encryption process
Step 1 – RSA key generation and inclusion in Lambda@Edge
You need to extract the RSA public key from AWS KMS so you can include it in the AWS Lambda deployment package. You can do this from the AWS Management Console, through the AWS KMS SDK, or by using the get-public-key command in the AWS Command Line Interface (AWS CLI). Figure 5 shows Copy and Download options for a public key in the Public key tab of the AWS KMS console.
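As an added example (not code from the original page or from AWS), this Python sketch converts the base64 `PublicKey` value returned by `get-public-key` into a PEM file for the deployment package. It goes slightly beyond the text by first checking that the key is RSA and large enough. It assumes the value is a DER-encoded SubjectPublicKeyInfo; the function names and the 2048-bit minimum are hypothetical, and the sample key is constructed with a placeholder modulus.

```python
import base64
import textwrap

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def _read(buf, pos, tag):
    """Return (value, next_pos) of the DER element at pos, requiring the given tag."""
    if len(buf) < pos + 2 or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Confirm der is an RSA SubjectPublicKeyInfo and return the modulus size in bits."""
    spki, end = _read(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    algorithm, pos = _read(spki, 0, 0x30)
    if _read(algorithm, 0, 0x06)[0] != RSA_OID:
        raise ValueError("key is not RSA")
    bit_string, _ = _read(spki, pos, 0x03)
    rsa_key, _ = _read(bit_string[1:], 0, 0x30)  # first byte is the unused-bits count
    modulus, _ = _read(rsa_key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

def kms_public_key_to_pem(b64_der, min_bits=2048):
    """Turn the base64 PublicKey value from get-public-key into PEM for the package."""
    der = base64.b64decode(b64_der.strip(), validate=True)
    if rsa_modulus_bits(der) < min_bits:  # min_bits is an assumed policy threshold
        raise ValueError("RSA modulus is shorter than min_bits")
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def _tlv(tag, value):
    """DER-encode one element (only used to build the constructed sample)."""
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def constructed_sample(modulus_bytes=256):
    """Constructed SPKI with a placeholder modulus: right structure, not a usable key."""
    rsa_key = _tlv(0x30, _tlv(0x02, b"\x00\xc1" + bytes(modulus_bytes - 1)) + _tlv(0x02, b"\x01\x00\x01"))
    algorithm = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    return base64.b64encode(_tlv(0x30, algorithm + _tlv(0x03, b"\x00" + rsa_key))).decode()
```

Write the returned PEM text to a file in the Lambda@Edge package; a failed check raises `ValueError` before anything is bundled.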
Step 2 – HTTP API request handling by CloudFront
Step 3 – Lambda@Edge processing
Step 4 – Lambda@Edge response
Step 5 – Forward the request to the origin server
Field-level decryption process
Step 1 – Application retrieves the field-level encrypted data
Step 2 – Application invokes the decryption Lambda function
Step 3 – Lambda calls the AWS KMS decryption API
Step 4 – AWS KMS decrypts ciphertext and returns plaintext
Step 5 – Lambda returns decrypted data body