Security in your use of the Amazon Shield network security director - Amazon WAF, Amazon Firewall Manager, Amazon Shield Advanced, and Amazon Shield network security director
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Security in your use of the Amazon Shield network security director

Note

Amazon Shield network security director is in public preview release and is subject to change.

This section describes the key security considerations for using this network security director preview.

Data sources

When you run an analysis, network security director retrieves information about your Amazon resources using public Amazon API endpoints. The information retrieved includes resource attributes that are available to your account through the public Amazon APIs. For 60 days after you perform a network analysis, the information from the scan informs the findings and remediation recommendations provided by network security director.

Amazon Shield network security director also uses internal Amazon data sources and threat intelligence to identify findings and recommend remediations.

Data encryption

Review the following encryption considerations when using network security director.

  • Encryption at rest – All data is protected at rest.

  • Encryption in transit – All data is protected in transit using Transport Layer Security (TLS) encryption. All communication is authenticated using Amazon Signature Version 4 (SigV4). For information about SigV4, see Authenticating Requests (Amazon Signature Version 4) in the Amazon S3 User Guide.

  • Key management – Customer-managed keys are not currently supported.