\n
![](\"https:\/\/jirak.net\/wp\/wp-content\/uploads\/2018\/08\/DynamoDB-encrypt-01-v2-2.png\")
<\/p>\nAmazon DynamoDB \ub370\uc774\ud130 \uc554\ud638\ud654 \ubc0f \uc11c\uba85 \ubc29\ubc95
\n<\/p>\n
\ubbfc\uac10\ud55c \ub370\uc774\ud130\ub098 \uae30\ubc00 \ub370\uc774\ud130\ub97c Amazon DynamoDB\uc5d0 \uc800\uc7a5\ud558\ub294 \uacbd\uc6b0, \ud574\ub2f9 \ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ud558\uc5ec \ub370\uc774\ud130 \uc218\uba85 \uc8fc\uae30\ub3d9\uc548 \ubcf4\ud638\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. DynamoDB Encryption Client<\/a>\ub97c \uc0ac\uc6a9\ud558\uc5ec DynamoDB\ub85c \uc804\uc1a1\ud558\uae30 \uc804\uc5d0 \ud14c\uc774\ube14 \ub370\uc774\ud130\ub97c \ubcf4\ud638\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub97c \uc804\uc1a1 \uc911(In Transit) \ubc0f \uc720\ud734 \uc2dc(At Rest) \uc554\ud638\ud654\ud558\uba74 AWS\ub97c \ud3ec\ud568\ud558\uc5ec \uc81c 3\uc790\ub294 \ud3c9\ubb38 \ub370\uc774\ud130\uc758 \uc0ac\uc6a9\uc774 \ubd88\uac00\ub2a5 \ud569\ub2c8\ub2e4.<\/p>\n DynamoDB Encryption Client\ub97c \uc0ac\uc6a9\ud558\ub824\uba74, \uc5ec\ub7ec\ubd84\uc774 \uc554\ud638 \uc804\ubb38\uac00\uc77c \ud544\uc694\ub294 \uc5c6\uc2b5\ub2c8\ub2e4. \uc554\ud638\ud654 \ubc0f \uc11c\uba85 \uc694\uac74\ub4e4\uc740 \uae30\uc874 DynamoDB \uc5b4\ud50c\ub9ac\ucf00\uc774\uc158\uacfc \ud568\uaed8 \ub3d9\uc791\ud558\ub3c4\ub85d \uc124\uacc4\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4. \ud544\uc694\ud55c \ucef4\ud3ec\ub10c\ud2b8\ub4e4\uc744 \uc0dd\uc131\ud558\uace0 \uad6c\uc131\uc744 \uc801\uc6a9\ud55c \ub4a4, DynamoDB Encryption Client\ub294 PutItem<\/a>\uc744 \ud638\ucd9c\uc2dc \ud14c\uc774\ube14 \ud56d\ubaa9\uc744 \ud22c\uba85\ud558\uac8c \uc554\ud638\ud654\ud558\uace0 \uc11c\uba85\ud558\uba70, GetItem<\/a>\uc744 \ud638\ucd9c\ud560\ub54c \uac80\uc99d\ud558\uace0 \ubcf5\ud638\ud654 \ud569\ub2c8\ub2e4.<\/p>\n \uace0\uc720\ud55c \uc0ac\uc6a9\uc790 \uc815\uc758 \ucef4\ud3ec\ud134\ud2b8(Component)\ub97c \uc0dd\uc131\ud558\uac70\ub098 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc5d0 \ud3ec\ud568\ub41c \uae30\ubcf8 \uad6c\ud604\uc744 \uc0ac\uc6a9\ud560 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4. AWS\uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \ud074\ub798\uc2a4\ub294 \uac15\ub825\ud558\uace0 \uc548\uc804\ud55c \uc554\ud638\ud654\ub97c \uad6c\ud604\ud560 \uc218 \uc788\ub3c4\ub85d \ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n DynamoDB Encryption Client\ub294 AWS Key Management Service<\/a> (Aws KMS) \ub610\ub294 AWS CloudHSM<\/a>\uacfc \ud568\uaed8 \uc0ac\uc6a9\uc774 \uac00\ub2a5\ud558\uc9c0\ub9cc, \ub77c\uc774\ube0c\ub7ec\ub9ac\uac00 AWS \ub610\ub294 \ub2e4\ub978 AWS \uc11c\ube44\uc2a4\ub97c \ud544\uc694\ub85c \ud558\uc9c0\ub294 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n \ud604\uc7ac DynamoDB Encryption Client\ub294 Java \ubfd0\ub9cc \uc544\ub2c8\ub77c Python\uc5d0\uc11c\ub3c4 \uc0ac\uc6a9\uc774 \uac00\ub2a5 \ud569\ub2c8\ub2e4. \uc9c0\uc6d0\ub418\ub294 \uc5b8\uc5b4\uc758 \uad6c\ud604\uc740 \uc0c1\ud638 \ud638\ud658\uc774 \uac00\ub2a5\ud569\ub2c8\ub2e4. \uc608\ub97c \ub4e4\uc5b4, \ud14c\uc774\ube14 \ub370\uc774\ud130\ub97c Python \ub77c\uc774\ube0c\ub7ec\ub9ac\ub97c \uc774\uc6a9\ud558\uc5ec \uc554\ud638\ud654 \ud560\uc218 \uc788\uc73c\uba70, Java \ub77c\uc774\ube0c\ub7ec\ub9ac\ub97c \uc774\uc6a9\ud558\uc5ec \ubcf5\ud638\ud654 \ud560\uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n DynamoDB Encryption Client\ub294 \uc624\ud508 \uc18c\uc2a4 \ud504\ub85c\uc81d\ud2b8\uc785\ub2c8\ub2e4. \uc5ec\ub7ec\ubd84\ub3c4 \uac01\uc885 \uc18c\uc2a4 \ubc0f \ub77c\uc774\ube0c\ub7ec\ub9ac \uac1c\ubc1c \ubc0f \ubb38\uc11c \uc791\uc131<\/a>\uc5d0 \ub3d9\ucc38\ud558\uae30\ub97c \ud76c\ub9dd\ud569\ub2c8\ub2e4.<\/p>\n DynamoDB Encryption Client\ub294 \ud55c\ubc88\uc5d0 \ud558\ub098\uc758 \ud14c\uc774\ube14 \ud56d\ubaa9\ub9cc \ucc98\ub9ac \ud569\ub2c8\ub2e4. \uccab\uc9f8, \uc9c0\uc815\ud55c \uc18d\uc131\uc758 \uac12(\uc774\ub984\uc774 \uc544\ub2d8)\uc744 \uc554\ud638\ud654 \ud569\ub2c8\ub2e4. \uadf8\ub9ac\uace0 \ub098\uc11c, \uc9c0\uc815\ud55c \uc18d\uc131\uc758 \uc11c\uba85\uc744 \uacc4\uc0b0\ud558\uc5ec \uc18d\uc131\uc758 \ucd94\uac00 \ub610\ub294 \uc0ad\uc81c, \ub610\ub294 \ub2e4\ub978 \uc554\ud638\ud654\ub41c \uac12\uc73c\ub85c\uc758 \ub300\uccb4\uc640 \uac19\uc740 \ud56d\ubaa9 \uc804\uccb4\uc5d0 \ub300\ud55c \uc778\uac00\ub418\uc9c0 \uc54a\uc740 \ubcc0\uacbd\uc744 \ud0d0\uc9c0\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uadf8\ub7ec\ub098, \uc18d\uc131 \uc774\ub984\uacfc Primary Key<\/a> (\uc874\uc7ac\ud558\ub294 \uacbd\uc6b0, \ud30c\ud2f0\uc158 \ud0a4 \ubc0f \uc815\ub82c \ud0a4)\ub0b4\uc758 \uc18d\uc131 \uac12 \ubc0f \uc774\ub984\uc740 \ubc18\ub4dc\uc2dc \ud56d\ubaa9\uc774 \ubc1c\uacac\ub420 \uc218 \uc788\ub3c4\ub85d \ud3c9\ubb38 \ud615\ud0dc\ub85c \ub0a8\uc544 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \uc8fc\uc758 : \ud14c\uc774\ube14 \uc774\ub984, \uc18d\uc131 \uac12, Primary key \uc18d\uc131\uc758 \uc774\ub984\uc774\ub098 \uac12, \ub610\ub294 \uc554\ud638\ud654 \ud558\uc9c0 \uc54a\ub3c4\ub85d \uace0\uac1d\uc5d0\uac8c \uc9c0\uc815\ud55c \uc18d\uc131 \uac12\uc5d0 \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub97c \ud3ec\ud568\ud558\uc5ec\uc11c\ub294 \uc548\ub429\ub2c8\ub2e4.<\/em><\/p>\n \uac04\ub2e8\ud55c \uc0d8\ud50c \uc608\uc81c\ub97c \ud1b5\ud558\uc5ec Python\uc744 \uc0ac\uc6a9\ud558\uc5ec DynamoDB Encryption Client\ub97c \uc5b4\ub5bb\uac8c \uc0ac\uc6a9\ud558\ub294\uc9c0 \uc2dc\uc5f0\ud574 \ubcf4\uc774\ub3c4\ub85d \ud558\uaca0\uc2b5\ub2c8\ub2e4. \ud558\ub098\uc758 \ud14c\uc774\ube14 \ud56d\ubaa9\uc744 \uc554\ud638\ud654 \ubc0f \uc11c\uba85\ud560 \uac83\uc774\uba70, \uadf8\ub9ac\uace0 \ub09c\ub4a4 \uae30\uc874 \ud14c\uc774\ube14\uc5d0 \ucd94\uac00 \ud558\uaca0\uc2b5\ub2c8\ub2e4. \uc774 \uc608\uc81c\uc5d0\uc11c\ub294 \ucd95\uc57d\ub41c \ub370\uc774\ud130\uc758 \ud14c\uc2a4\ud2b8 \ud56d\ubaa9\uc744 \uc0ac\uc6a9\ud558\uc9c0\ub9cc, \uace0\uac1d\uc758 \uac1c\uc778\uc815\ubcf4\uc640 \uac19\uc740 \uad49\uc7a5\ud788 \ubbfc\uac10\ud55c \ub370\uc774\ud130\uac00 \ud3ec\ud568\ub41c \ud14c\uc774\ube14 \ud56d\ubaa9\uc744 \ubcf4\ud638\ud558\uae30 \uc704\ud574 \uc720\uc0ac\ud55c \uacfc\uc815\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uc608\uc81c \ucf54\ub4dc<\/a>\ub294 aws-dynamodb-encryption-python<\/a> \uc800\uc7a5\uc18c\uc758 \uc0d8\ud50c \ub514\ub809\ud1a0\ub9ac \ub0b4\uc5d0\uc11c \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uba3c\uc800 \uae30\uc874 \ud14c\uc774\ube14\uc744 \ub300\ud45c\ud558\ub294 DynamoDB \ud14c\uc774\ube14 \ub9ac\uc18c\uc2a4\ub97c \uc0dd\uc131 \ud569\ub2c8\ub2e4. \ucf54\ub4dc\ub97c \uc0ac\uc6a9\ud560 \ub54c\ub294 \uc720\ud6a8\ud55c \ud14c\uc774\ube14 \uc774\ub984\uc744 \uc0ac\uc6a9\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \uc6b0\uc120 Cryptographic materials provider(CMP)\uc758 \uc778\uc2a4\ud134\uc2a4\ub97c \uc0dd\uc131 \ud569\ub2c8\ub2e4. CMP\ub294 \ud14c\uc774\ube14 \ud56d\ubaa9\uc744 \uc554\ud638\ud654 \ud558\uace0 \uc11c\uba85\ud558\uae30 \uc704\ud574 \uc0ac\uc6a9\ub418\ub294 \uc554\ud638\ud654 \ubc0f \uc11c\uba85 \ud0a4\ub97c \uc218\uc9d1\ud558\ub294 \ucef4\ud3ec\ub10c\ud2b8 \uc785\ub2c8\ub2e4. \ub610\ud55c, CMP\ub294 \uc0ac\uc6a9\ub420 \uc554\ud638\ud654 \uc54c\uace0\ub9ac\uc998\uc758 \uacb0\uc815\uacfc \ud568\uaed8, \ubaa8\ub4e0 \ud56d\ubaa9\uc5d0 \ub300\ud574 \uace0\uc720\uc758 \ud0a4\ub97c \uc0dd\uc131\ud560\uc9c0 \uc7ac \uc0ac\uc6a9\ud560\uc9c0\ub97c \uacb0\uc815\ud569\ub2c8\ub2e4. DynamoDB Encryption Client\ub294 \uc5ec\ub7ec CMP\ub97c \ud3ec\ud568\ud558\uace0 \uc788\uc73c\uba70, \uace0\uc720\uc758 CMP\ub97c \uc9c1\uc811 \uc0dd\uc131\ud560 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4. \uc774\uc5d0 \ub300\ud574 \uc870\uae08\uc758 \uc758\uc2ec\uc774\ub77c\uace0 \uc0dd\uae34\ub2e4\uba74, \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uacfc \ubcf4\uc548 \uc694\uad6c\uc0ac\ud56d\uc5d0 \ub9de\ub294 CMP\ub97c \uc120\ud0dd\ud558\ub294\ub370 \ub3c4\uc6c0<\/a>\uc744 \uc904\uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uc774 \uc608\uc81c\uc5d0\uc11c\ub294 AWS Key Management Service<\/a> (AWS KMS)\uc5d0\uc11c \uc554\ud638\ud654 \uc790\ub8cc\ub97c \uac00\uc838\uc624\ub294 Direct KMS Provider<\/a>\ub97c \uc0ac\uc6a9\ud560 \uac83 \uc785\ub2c8\ub2e4. \uc554\ud638\ud654 \ubc0f \uc11c\uba85 \ud0a4\ub294 AWS account\ub0b4 customer master key<\/a>\uc5d0 \uc758\ud574 \ubcf4\ud638\ub418\uba70, \uc554\ud638\ud654\ub418\uc9c0 \uc54a\uc740 \uc0c1\ud0dc\ub85c\ub294AWS KMS\ub97c \ubc97\uc5b4\ub098\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n Direct KMS Provider\ub97c \uc0dd\uc131\ud558\ub824\uba74 AWS KMS \uace0\uac1d \ub9c8\uc2a4\ud130 \ud0a4\ub97c \uc9c0\uc815\ud574\uc57c \ud569\ub2c8\ub2e4. \uc774 \uc608\uc81c\uc758 \uac00\uc0c1 \ub9c8\uc2a4\ud130 \ud0a4 ID (aws-cmk-id \uac12)\ub97c \uc720\ud6a8\ud55c \uac83\uc73c\ub85c \ubc14\uafd4\uc57c \ud568\uc744 \uc720\uc758 \ud558\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4.<\/p>\n \uc18d\uc131 \uc791\uc5c5 \uac1d\uccb4\ub294 <\/em>DynamoDB Encryption Client\uc5d0\uac8c \uc554\ud638\ud654 \ud560 \ud56d\ubaa9\uc758 \uc18d\uc131 \uac12\uacfc \uc11c\uba85\uc5d0 \ud3ec\ud568\ub420 \uc18d\uc131 \uac12\uc744 \uc548\ub0b4 \ud569\ub2c8\ub2e4.<\/em> \ud574\ub2f9 \uc635\uc158\uc740 ENCRYPT_AND_SIGN, SIGN_ONLY, \uadf8\ub9ac\uace0 DO_NOTHING \uc785\ub2c8\ub2e4.<\/p>\n \uc774 \uc0d8\ud3f4 \uc18d\uc131 \uc791\uc5c5\uc740 \ud14c\uc2a4\ud2b8 \uc18d\uc131 \uac12\uc744 \uc81c\uc678\ud55c \ubaa8\ub4e0 \uc18d\uc131 \uac12\uc744 \uc554\ud638\ud654 \ud558\uace0 \uc11c\uba85 \ud569\ub2c8\ub2e4. \ud14c\uc2a4\ud2b8 \uc18d\uc131 \uac12\uc740 \uc554\ud638\ud654 \ub418\uac70\ub098 \uc11c\uba85\uc5d0 \ud3ec\ud568\ub418\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4.<\/p>\n \ub2e4\uc74c \ub2e8\uacc4\uc5d0\uc11c \uc0ac\uc6a9EncryptedTable \ud074\ub798\uc2a4\uc640 \uac19\uc740 \ud5ec\ud37c \ud074\ub798\uc2a4\ub97c \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0, primary key\ub97c \uc704\ud55c \uc18d\uc131 \uc791\uc5c5\uc744 \uc9c0\uc815\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4. \ud5ec\ud37c \ud074\ub798\uc2a4\ub294 primary key\uac00 \uc11c\uba85 \ub418\uc5c8\uc73c\ub098 \uc554\ud638\ud654\uac00 \ub418\uc9c0 \uc54a\uc558\ub294\uc9c0\ub97c \ud655\uc778\ud569\ub2c8\ub2e4. (SIGN_ONLY)<\/p>\n \uc774\uc81c \uc790\ub8cc \uacf5\uae09\uc790(materials provider) \ubc0f \uc18d\uc131 \uc791\uc5c5\uacfc \ud568\uaed8 \uc6d0\ubcf8 \ud14c\uc774\ube14 \uac1d\uccb4\ub97c \uc0ac\uc6a9\ud558\uc5ec \uc554\ud638\ud654\ub41c \ud14c\uc774\ube14\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uc774 \uc608\uc81c\uc5d0\uc11c\ub294 Python\uc6a9 AWS SDK(Boto 3)<\/a>\ub0b4 DynamoDB \ud14c\uc774\ube14 \ud074\ub798\uc2a4<\/a>\uc5d0 \uc554\ud638\ud654 \uae30\ub2a5\uc744 \ucd94\uac00\ud558\ub294 EncryptedTable \ud5ec\ud37c \ud074\ub798\uc2a4\ub97c \uc0ac\uc6a9\ud569\ub2c8\ub2e4. Python\uc758 DynamoDB \uc554\ud638\ud654 \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\ub294 EncryptedClient \ubc0f EncryptedResource \ud5ec\ud37c \ud074\ub798\uc2a4\ub3c4 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n DynamoDB Encryption Client \ud5ec\ud37c \ud074\ub798\uc2a4\ub294 primary key\ub97c \ucc3e\uae30\uc704\ud55c DescribeTable<\/a> \uc791\uc5c5\uc744 \ud638\ucd9c \ud569\ub2c8\ub2e4. \ucf54\ub4dc\ub97c \uc2e4\ud589\ud558\ub294 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc5d0\ub294 \uc791\uc5c5\uc744 \ud638\ucd9c\ud558\ub294 \uad8c\ud55c\uc774 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4.<\/p>\n \ud074\ub77c\uc774\uc5b8\ud2b8 \uad6c\uc131\uc744 \ub9c8\ucce4\uc2b5\ub2c8\ub2e4. \uc774\uc81c \ud14c\uc774\ube14 \ud56d\ubaa9\uc758 \uc554\ud638\ud654, \uc11c\uba85, \uac80\uc99d \ubc0f \ubcf5\ud638\ud654 \ud560\uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n DynamoDB \ud14c\uc774\ube14\uc5d0 \ud56d\ubaa9\uc744 \uc0dd\uc131 \ud569\ub2c8\ub2e4.<\/p>\n PutItem<\/a>\uc744 \ud638\ucd9c\ud560\ub54c \uc774 \ud56d\ubaa9\uc740 \uc11c\uba85\ub418\uc5c8\uc73c\ub098 \uc554\ud638\ud654\ub418\uc9c0 \uc54a\uc740 primary key\uc640 \ubb34\uc2dc\ub418\ub294 \ud14c\uc2a4\ud2b8 \uc18d\uc131\uc740 \uc81c\uc678\ud558\uace0 \ud22c\uba85\ud558\uac8c \uc554\ud638\ud654\ub418\uace0 \uc11c\uba85\ub429\ub2c8\ub2e4.<\/p>\n GetItem\uc744 \ud638\ucd9c\ud558\uba74 \ud56d\ubaa9\uc774 \ud22c\uba85\ud558\uac8c \ud655\uc778\ub418\uace0 \ud574\ub3c5\ub429\ub2c8\ub2e4.<\/p>\n \uc554\ud638\ud654 \ub41c \ud56d\ubaa9\uc744 \ubcf4\ub824\uba74 encrypted_table \uac1c\uccb4 \ub300\uc2e0 \uc6d0\ubcf8 \ud14c\uc774\ube14 \uac1c\uccb4\uc5d0\uc11c GetItem \uc791\uc5c5\uc744 \ud638\ucd9c\ud558\uc2ed\uc2dc\uc624. DynamoDB \ud14c\uc774\ube14\uc744 \ud655\uc778 \ubc0f \ud574\ub3c5\ud558\uc9c0 \uc54a\uace0 \ud56d\ubaa9\uc744 \uac00\uc838\uc635\ub2c8\ub2e4.<\/p>\n \uc544\ub798\ub294 \uc554\ud638\ud654\ub418\uace0 \uc11c\uba85\ub41c \ud56d\ubaa9\uc744 \ud45c\uc2dc\ud558\ub294 \ucd9c\ub825\uc758 \uc77c\ubd80 \uc785\ub2c8\ub2e4.<\/p>\n Figure 1: \uc554\ud638\ud654\ub41c \ud56d\ubaa9\uc758 \ucd9c\ub825 \ud45c\uc2dc \uc608<\/em><\/p>\n DynamoDB Encryption Client\ub294 \ud074\ub77c\uc774\uc5b8\ud2b8 \uce21 \uc554\ud638\ud654<\/em>(client-side encryption)\ub97c \uc704\ud574 \uc124\uacc4\ub418\uc5c8\uc73c\uba70, DynamoDB\uc5d0 \ub370\uc774\ud130\ub97c \uc804\uc1a1\ud558\uae30 \uc804\uc5d0 \uc554\ud638\ud654 \ud569\ub2c8\ub2e4.<\/p>\n \ub2e4\ub978 \uc635\uc158\ub3c4 \uc788\uc2b5\ub2c8\ub2e4. DynamoDB\ub294 \uc720\ud734 \uc2dc \uc554\ud638\ud654<\/a>(Encryption At Rest) \uc989, \uc11c\ubc84 \uce21 \uc554\ud638\ud654(Server-side encryption)\uc744 \uc9c0\uc6d0\ud558\uc5ec \ub514\uc2a4\ud06c\ub97c \ud14c\uc774\ube14\uc5d0 \uc800\uc7a5\ud560\ub54c \ub9c8\ub2e4 \ud22c\uba85\ud558\uac8c \ub370\uc774\ud130\ub97c \uc554\ud638\ud654 \ud560\uc218 \uc788\uc2b5\ub2c8\ub2e4. DynamoDB Encryption Client\uc640 \uc720\ud734 \uc2dc \uc554\ud638\ud654(Encryption At Rest) \ubc29\uc2dd\uc744 \ud568\uaed8 \uc0ac\uc6a9\ud560 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \ud074\ub77c\uc774\uc5b8\ud2b8\uac00 \uc0dd\uc131\ud558\ub294 \uc554\ud638\ud654\ub418\uace0 \uc11c\uba85\ub41c \ud56d\ubaa9\uc740 \ud45c\uc900 \ud14c\uc774\ube14 \ud56d\ubaa9\uc73c\ub85c \uadf8 \uc18d\uc131 \uac12\uc5d0 \uc774\uc9c4 \ub370\uc774\ud130\uac00 \ud3ec\ud568\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4. \ub370\uc774\ud130\uc758 \ubbfc\uac10\ub3c4\uc640 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc758 \ubcf4\uc548 \uc694\uac74\uc5d0 \uc758\ud558\uc5ec \uc120\ud0dd\ud558\uc5ec \uc0ac\uc6a9\uc774 \uac00\ub2a5\ud569\ub2c8\ub2e4.<\/p>\n Java \ubc0f Python \ubc84\uc804\uc758 DynamoDB Encryption Client\uac00 \uc644\ubcbd\ud558\uac8c \ud638\ud658 \uac00\ub2a5\ud558\uc9c0\ub9cc, DynamoDB Encryption Client\ub294 AWS Encryption SDK<\/a> \ub610\ub294 S3 Encryption Client<\/a>\uc640 \uac19\uc740 \ub2e4\ub978 \ud074\ub77c\uc774\uc5b8\ud2b8 \uce21 \uc554\ud638\ud654 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc640 \ud638\ud658\ub418\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. \ud558\ub098\uc758 \ub77c\uc774\ube0c\ub7ec\ub9ac\ub85c \ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ud558\uace0 \ub2e4\ub978 \ub77c\uc774\ube0c\ub7ec\ub9ac\ub85c \ubcf5\ud638\ud654\ud560 \uc218 \ub294 \uc5c6\uc2b5\ub2c8\ub2e4. DynamoDB\uc5d0 \uc800\uc7a5\ud558\ub294 \ub370\uc774\ud130\uc758 \uacbd\uc6b0 DynamoDB Encryption Client\uc758 \uc0ac\uc6a9\uc744 \uad8c\uc7a5 \ud569\ub2c8\ub2e4.<\/p>\n DynamoDB Encryption Client\uc640 \uac19\uc740 \ub3c4\uad6c\ub97c \uc0ac\uc6a9\ud558\uba74 \ud14c\uc774\ube14 \ub370\uc774\ud130\ub97c \ubcf4\ud638\ud558\uace0 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc758 \ubcf4\uc548 \uc694\uad6c \uc0ac\ud56d\uc744 \uc900\uc218\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ud574\ub2f9 \ud074\ub77c\uc774\uc5b8\ud2b8\ub97c \uc0ac\uc6a9\ud558\uc5ec GitHub<\/a>\ub0b4 \uac1c\ubc1c\uc5d0 \ub3d9\ucc38\ud558\uae30\ub97c \ubc14\ub78d\ub2c8\ub2e4.<\/p>\n \uc774 \uac8c\uc2dc\ubb3c\uc5d0 \ub300\ud55c \uc758\uacac\uc774 \uc788\uc73c\uc2dc\uba74 \uc544\ub798\uc758 \ub313\uae00 \uc139\uc158\uc5d0 \uc758\uacac\uc744 \uc81c\ucd9c\ud558\uc2ed\uc2dc\uc624. Amazon DynamoDB Encryption Client\uc5d0 \ub300\ud55c \uc9c8\ubb38\uc774 \uc788\ub294 \uacbd\uc6b0 Java<\/a> \ub610\ub294 Python<\/a> \uc6a9 GitHub repos\uc5d0 \ubb38\uc81c\ub97c \uc81c\ucd9c\ud558\uac70\ub098 AWS Crypto Tools Discussion Forum<\/a>\uc5d0 \uc758\uacac\uc744 \ubcf4\ub0b4 \uc8fc\uc2dc\uae30\ubc14\ub78d\ub2c8\ub2e4.<\/p>\n \uc774 \uae00\uc740 AWS Security Blog\uc5d0 \uac8c\uc7ac\ub41c How to encrypt and sign DynamoDB data in your application<\/a>\uc758 \ud55c\uad6d\uc5b4 \ubc88\uc5ed\ubcf8\uc73c\ub85c\uc11c \uc720\uc81c\uad11 AWS \ubcf4\uc548 \ucee8\uc124\ud134\ud2b8\uaed8\uc11c \ubc88\uc5ed\ud574 \uc8fc\uc168\uc2b5\ub2c8\ub2e4.<\/em><\/p>\n Source: Amazon DynamoDB \ub370\uc774\ud130 \uc554\ud638\ud654 \ubc0f \uc11c\uba85 \ubc29\ubc95<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Amazon DynamoDB \ub370\uc774\ud130 \uc554\ud638\ud654 \ubc0f \uc11c\uba85 \ubc29\ubc95 \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub098 \uae30\ubc00 \ub370\uc774\ud130\ub97c Amazon DynamoDB\uc5d0 \uc800\uc7a5\ud558\ub294 \uacbd\uc6b0, \ud574\ub2f9 \ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ud558\uc5ec \ub370\uc774\ud130 \uc218\uba85 \uc8fc\uae30\ub3d9\uc548 \ubcf4\ud638\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. DynamoDB Encryption Client\ub97c \uc0ac\uc6a9\ud558\uc5ec DynamoDB\ub85c \uc804\uc1a1\ud558\uae30 \uc804\uc5d0 \ud14c\uc774\ube14 \ub370\uc774\ud130\ub97c \ubcf4\ud638\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub97c \uc804\uc1a1 \uc911(In Transit) \ubc0f \uc720\ud734 \uc2dc(At Rest) \uc554\ud638\ud654\ud558\uba74 AWS\ub97c \ud3ec\ud568\ud558\uc5ec \uc81c 3\uc790\ub294 \ud3c9\ubb38 \ub370\uc774\ud130\uc758 \uc0ac\uc6a9\uc774 \ubd88\uac00\ub2a5 \ud569\ub2c8\ub2e4. DynamoDB Encryption Client\ub97c \uc0ac\uc6a9\ud558\ub824\uba74, \uc5ec\ub7ec\ubd84\uc774 \uc554\ud638 \uc804\ubb38\uac00\uc77c \ud544\uc694\ub294 \uc5c6\uc2b5\ub2c8\ub2e4. \uc554\ud638\ud654 \ubc0f \uc11c\uba85 \uc694\uac74\ub4e4\uc740 \uae30\uc874 DynamoDB \uc5b4\ud50c\ub9ac\ucf00\uc774\uc158\uacfc \ud568\uaed8 \ub3d9\uc791\ud558\ub3c4\ub85d \uc124\uacc4\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4. \ud544\uc694\ud55c \ucef4\ud3ec\ub10c\ud2b8\ub4e4\uc744 \uc0dd\uc131\ud558\uace0 \uad6c\uc131\uc744 \uc801\uc6a9\ud55c \ub4a4, DynamoDB Encryption Client\ub294 PutItem\uc744 \ud638\ucd9c\uc2dc \ud14c\uc774\ube14 \ud56d\ubaa9\uc744 \ud22c\uba85\ud558\uac8c \uc554\ud638\ud654\ud558\uace0 \uc11c\uba85\ud558\uba70, GetItem\uc744 \ud638\ucd9c\ud560\ub54c \uac80\uc99d\ud558\uace0 \ubcf5\ud638\ud654 \ud569\ub2c8\ub2e4. \uace0\uc720\ud55c \uc0ac\uc6a9\uc790 \uc815\uc758 \ucef4\ud3ec\ud134\ud2b8(Component)\ub97c \uc0dd\uc131\ud558\uac70\ub098 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc5d0 \ud3ec\ud568\ub41c \uae30\ubcf8 \uad6c\ud604\uc744 \uc0ac\uc6a9\ud560 \uc218\ub3c4 \uc788\uc2b5\ub2c8\ub2e4. AWS\uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \ud074\ub798\uc2a4\ub294 \uac15\ub825\ud558\uace0 \uc548\uc804\ud55c \uc554\ud638\ud654\ub97c \uad6c\ud604\ud560 \uc218 \uc788\ub3c4\ub85d \ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4. DynamoDB Encryption Client\ub294 AWS Key Management Service (Aws KMS) \ub610\ub294 AWS CloudHSM\uacfc \ud568\uaed8 \uc0ac\uc6a9\uc774 \uac00\ub2a5\ud558\uc9c0\ub9cc, \ub77c\uc774\ube0c\ub7ec\ub9ac\uac00 AWS \ub610\ub294 \ub2e4\ub978 AWS \uc11c\ube44\uc2a4\ub97c [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":26083,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[656],"class_list":["post-26082","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-aws"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/26082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=26082"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/26082\/revisions"}],"predecessor-version":[{"id":26084,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/26082\/revisions\/26084"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media\/26083"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=26082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=26082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=26082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\ub3d9\uc791 \ubc29\ubc95<\/strong><\/h3>\n
\uc0ac\uc6a9\ubc29\ubc95<\/strong><\/h3>\n
Step 1: \ud14c\uc774\ube14 \uc0dd\uc131<\/strong><\/h4>\n
# Create a DynamoDB table\ntable = boto3.resource('dynamodb').Table(table_name)\n<\/code><\/pre>\nStep 2: \uc554\ud638\ud654 \uc790\ub8cc \uacf5\uae09\uc790(Cryptographic materials provider) \uc0dd\uc131\ud558\uae30<\/strong><\/h4>\n
<\/code><\/p>\n# Create a Direct KMS provider. Pass in a valid KMS customer master key.\naws_cmk_id = '1234abcd-12ab-34cd-56ef-1234567890ab'\naws_kms_cmp = AwsKmsCryptographicMaterialsProvider(key_id=aws_cmk_id)<\/code><\/pre>\nStep 3: \uc18d\uc131 \uc791\uc5c5 \uac1d\uccb4(Attribute actions object)\uc758 \uc0dd\uc131<\/strong><\/h4>\n
\n# Tell the encrypted table to encrypt and sign all attributes except one.\nactions = AttributeActions(\n default_action=CryptoAction.ENCRYPT_AND_SIGN,\n attribute_actions={\n 'test': CryptoAction.DO_NOTHING\n }\n)\n<\/code><\/pre>\n<\/div>\nStep 4: \uc554\ud638\ud654\ub41c \ud14c\uc774\ube14\uc758 \uc0dd\uc131<\/strong><\/h4>\n
# Use these objects to create an encrypted table resource.\nencrypted_table = EncryptedTable(\n table=table,\n materials_provider=aws_kms_cmp,\n attribute_actions=actions\n)\n<\/code><\/pre>\nStep 5: \ud14c\uc774\ube14\uc5d0 \ud56d\ubaa9\uc758 \uc0dd\uc131<\/strong><\/h4>\n
plaintext_item = {\n 'partition_key': 'key1',\n 'sort_key': 'key2'\n 'example': 'data',\n 'numbers': 99,\n 'binary': Binary(b'x00x01x02'),\n 'test': 'test-value'\n}\n<\/code><\/pre>\nencrypted_table.put_item(Item=plaintext_item)\n<\/code><\/pre>\ndecrypted_item = encrypted_table.get_item(Key=partition_key)['Item']\n<\/code><\/pre>\nencrypted_item = table.get_item(Key=partition_key)['Item']<\/code><\/pre>\n\n ![\"Output](\"https:\/\/d2908q01vomqb2.cloudfront.net\/22d200f8670dbdb3e253a90eee5098477c95c23d\/2018\/05\/03\/DynamoDB-encrypt-01-v2-2.png\")
\n<\/div>\n\ud074\ub77c\uc774\uc5b8\ud2b8 \ud639\uc740 \uc11c\ubc84 \uae30\ubc18 \uc554\ud638\ud654 \uc120\ud0dd\ud558\uae30 <\/strong><\/h3>\n
\uc554\ud638\ud654\ub294 \uc911\uc694\ud569\ub2c8\ub2e4<\/strong>.<\/strong><\/h3>\n