How to Move Data to the GP Cloud
The exact procedure depends on the amount of data to be moved. For example, if the data is less than one terabyte (1 TB), the procedure would be roughly as follows:
- Create S3 bucket with policy that encrypts all contents with a KMS (Key Management Service) key. This ensures that all objects are encrypted (with controlled keys) the moment they land in S3
- Utilize the AWS command line tools to upload the contents from the internal site to S3. The AWS CLI uses HTTPS transport and validates all certificates to ensure that all data is encrypted in motion to AWS
This is simple to implement and ensures data encryption while in motion and at rest. There are additional things that can be done if more restrictions are required; such as encrypting the content locally prior to uploading or transferring the data over a SSH tunnel to private S3 endpoint.
If the data is more than 1 TB, then services such as AWS Snowball can be used. The AWS Snowball Documentation details all the levels that Snowball ensures that the data is encrypted while in motion and at rest.