Encryption - Teradata Software for AWS

Teradata Vantageā„¢ on AWS (DIY) Installation and Administration Guide

Product
Teradata Vantage on AWS
Release Number
5.08
Published
November 2018
Language
English (United States)
Last Update
2018-11-07
dita:mapPath
upc1519757374969.ditamap
dita:ditavalPath
TeradataAWS_PubCloud_5.08.ditaval
dita:id
B035-2800
lifecycle
previous
Product Category
Cloud

To protect sensitive data, you can encrypt Teradata data volumes by setting the EBS Encryption parameter when deploying Teradata Database. EBS Encryption uses a default customer master key (CMK) to encrypt data volumes when using either deployment.

You can also encrypt the root disk by setting the Root Disk Encryption parameter when deploying Teradata Database. Root Disk Encryption uses a default CMK to encrypt the root volume when using either deployment.

Encryption of Teradata data volumes and the root disk is supported only for m4 instance types for the Base, Advanced, and Enterprise tiers.

If you create and manage a CMK using the AWS Key Management Service or bring your own encryption keys, Teradata refers to these as non-default CMKs. To encrypt the data volumes or root disk using a non-default CMK, a custom CMK encryption AWS CloudFormation template is required, but is not available on the AWS Marketplace. Due to the complexity of this process, you must schedule an appointment with Teradata Consulting Services so they can provide the template and assistance.

If a node fails, the replacement node inherits the encryption setting of the failed node.

If you are scaling out, the new nodes inherit the encryption setting.

If you deploy AWS systems using AWS Marketplace products with multiple AWS accounts, the custom CMK encryption AWS CloudFormation template needs modifications. You must contact Teradata Consulting Services.