Overview
Protect against Amazon S3 breaches due to misconfiguration or attack. Regulations and security frameworks, such as GDPR, NIST, CCPA, and PCI-DSS, demand control & "least privilege" access to sensitive data in AWS. Baffle provides application-level encryption (the gold standard for data security) without the cost, time, and effort of other products. In SaaS (multi-tenant) applications, enable every tenant to provide their own key (BYOK,HYOK).
Baffle makes the migration of data into AWS S3 buckets easy, performant and secure.
With no client-side code changes, translate and encrypt between S3, SFTP, HTTP and Baffle API client to Amazon S3.
Deploy as a container (not a SaaS) to preserve privacy, scale, and support HA/DR within your existing infrastructure architecture.
Encrypt entire files or elements of files (text, JSON, XML, CSV, and Parquet) using traditional AES or format preserving encryption.
Enable logical data isolation between tenants and geographies by allowing each tenant to encrypt with their own key (BYOK, HYOK).
Use Baffle’s S3 data proxy to migrate data and secure the entire pipeline for GenAI training, Data warehouses, and the multitude of other services AWS offers with S3 as their data lakes.
Highlights
- With no client-side code changes, translate and encrypt between S3, SFTP, HTTP and Baffle API client to Amazon S3.
- Deploy as a container (not a SaaS) to preserve privacy, scale, and support HA/DR within your existing infrastructure architecture.
- Encrypt entire files or elements of files (text, JSON, XML, CSV, and Parquet) using traditional AES or format preserving encryption.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Free trial
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
|---|---|---|---|
t2.large | $0.50 | $0.093 | $0.593 |
t3.large | $0.50 | $0.083 | $0.583 |
t3.xlarge | $0.50 | $0.166 | $0.666 |
m4.xlarge | $0.50 | $0.20 | $0.70 |
m5.large | $0.50 | $0.096 | $0.596 |
m5.xlarge | $0.50 | $0.192 | $0.692 |
Vendor refund policy
Free 30-day trial. Refunds are handled on a case-by-case basis via support.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Baffle Trial for Data Security for Amazon S3
This CloudFormation (CF) template automates the setup for Baffle Trial for Data Security for Amazon S3 on AWS credentials, and IP whitelisting. It then employs conditions to adapt resource creation based on the selected workflow.
The template provisions foundational resources like VPCs, subnets, internet gateways, and route tables for networking. It also sets up an S3 bucket and IAM roles for managing keys and permissions.
Security measures include the setup of EC2 security groups and IAM roles, ensuring controlled access to resources and encrypted data transmission.
Outputs provide convenient access URLs for Baffle Manager and baffle s3 endpoint
By encapsulating all these configurations into a single template, this CF script simplifies the deployment and management of Baffle Data Protection, fostering a secure and efficient data environment on AWS.
DeleteBucketLambdaExecutionRole: The Lambda execution role is needed to empty the content of data and key S3 buckets. The bucket needs to be emptied before it can be deleted while tearing the stacks. The following are policies needed Lambda Assume Role List and Delete object roles on 2 specific S3 buckets CloudWatch role to log BaffleShieldRole: This is required for the Baffle Manager and Baffle S3 Proxy to generate the key, store the key in S3, and store the operated file in the S3. The following are policies needed EC2 assume role S3 put, get, list object and get bucket policy on 2 S3 bucket
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Realese 2.9.3.10
Additional details
Usage instructions
Run the CF template
An email ID is requested to create an account with the Baffle service. The email ID is used to ensure uniqueness of the account name. The email ID is not collected nor will Baffle send emails to that email ID
If asked for a startup password please input "baffle123"
Resources
Vendor resources
Support
Vendor support
" PLEASE NOTE: Pricing is for illustration purposes only and varies depending on customer environment, requirements and other factors. Please contact us at for more details." docs.baffle.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
