Encryption
All data encrypted at rest and in transit.
At Rest
| Resource | Encryption |
|---|---|
| RDS PostgreSQL | AWS-managed KMS |
| S3 | AES-256 server-side encryption |
| OpenSearch Serverless | AWS-managed KMS |
| ElastiCache Valkey | AWS-managed (at-rest and in-transit) |
| Secrets Manager | AWS-managed KMS |
In Transit (TLS)
| Connection | Encryption |
|---|---|
| User → ALB | TLS 1.2+ |
| Control Plane → Data Plane | TLS |
| Data Plane → Bedrock | TLS |
| EKS → RDS/ElastiCache | TLS |
MCP Credentials
Stored in your Secrets Manager:
- Encrypted with KMS
- Accessed via IRSA (no static credentials)
- Never logged or cached in plain text
Next
Last updated on