In one of my products, I want the following compliances to be available:
- In-transit data protection
- Data protection at rest
- In-region data storage
I am using AWS S3 for data storage.
What I know so far is:
If I use HTTPS (with AWS or any 256-bit encryption SSL), the data transfer is secure by default and it satisfies 1, i.e. (in-transit data protection). Correct me if I understand it wrong.
If I use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) (https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html), I can achieve 2, i.e. (data protection at rest). There are other options as well to encrypt data at rest. Please suggest any other option you might have tried that is better than this.
Now comes 3 (in-region data storage). I have no idea how I can achieve this, or whether I understand that compliance right.
I have found a few products that claim this compliance, like this:
Now, organizations in Europe, Asia, Canada or Australia can use local data storage to address regional and some country-specific data privacy concerns, customer data residency concerns and requirements to store files in-region.
Shall I have separate S3 buckets in each region for the countries we are serving, and depending upon the user's location store data in their specific region's bucket? As of now, we will be in the US, UAE, and EU.
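
An added example, not part of the original post: one way the three requirements in the question could be expressed for S3, as a bucket policy that denies non-HTTPS requests and uploads that do not request SSE-S3, plus a per-market bucket lookup. The bucket names, the market-to-region mapping, and the function names are assumptions for illustration.

```python
# Assumed mapping of the markets named in the question to AWS regions and
# hypothetical bucket names; pick the regions your residency rules require.
MARKET_BUCKETS = {
    "US":  ("us-east-1",    "example-app-data-us"),
    "EU":  ("eu-central-1", "example-app-data-eu"),
    "UAE": ("me-central-1", "example-app-data-uae"),
}

def bucket_for(market):
    """Return (region, bucket) for a market; refuse rather than fall back."""
    try:
        return MARKET_BUCKETS[market]
    except KeyError:
        raise ValueError(f"no in-region bucket configured for {market!r}")

def bucket_policy(bucket):
    """Policy denying plaintext HTTP and uploads that do not request SSE-S3."""
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # 1. in transit: reject any request not made over TLS
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", objects],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # 2. at rest: reject uploads whose SSE header is absent or not AES256
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"}},
            },
        ],
    }

def put_request(market, key):
    """Upload parameters targeting the market's own bucket (3. in region)."""
    region, bucket = bucket_for(market)
    # Bucket/Key/ServerSideEncryption use the S3 PutObject parameter names;
    # "region" is the region the S3 client should be created for.
    return {"region": region, "Bucket": bucket, "Key": key,
            "ServerSideEncryption": "AES256"}
```

An unknown market raises an error instead of defaulting to some other region, so data is never written outside a configured region by accident.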