Overview
With Baffle, Amazon RDS and Aurora are the only PostgreSQL cloud services that have more data security capabilities than Oracle and MS SQL Server, enabling you to migrate off of costly legacy databases and securely modernize your applications.
Challenges Regulations and security frameworks, such as GDPR, NIST, CCPA, and PCI, demand control & "least privilege" access to sensitive data in AWS. Baffle provides application-level encryption (the gold standard for data security) without the cost, time, and effort of other products.
Solution Baffle has 4 key features:
- No-code Implementation deploys and protects your data and 3rd party apps in hours, not weeks/months
- Highly performant and scalable architecture mean applications continue to meet their SLAs
- Data-in-Use Protection ensures data is protected, even from compromised database or cloud admin accounts
- Role-based Access Control ensures only authorized users can access sensitive data in clear text
Benefits Baffle's solution is easy to deploy, fast and scalable, provides comprehensive and flexible security which quickly protects your sensitive data, speeds time to value, reduces your costs to to implement and maintain, and virtually eliminates the impacts of a data breach
Highlights
- Easy: Baffle's No-code Implementation means no application code changes are required to deploy and use as well as any changes in data protection policies dont impact application development
- Fast: Baffle's architecture ensures fast, scalable performance, adapting to increased loads through vertical or horizontal scaling. It optimizes cryptographic operations with hardware capabilities.
- Comprehensive: Baffle's Data-in-use Protection secures data during access, maintaining a fail-safe posture even in breaches. It complements data security at rest and in transit.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Free trial
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t2.large | $0.50 | $0.093 | $0.593 |
t3.large | $0.50 | $0.083 | $0.583 |
t3.xlarge | $0.50 | $0.166 | $0.666 |
m4.xlarge | $0.50 | $0.20 | $0.70 |
m5.large | $0.50 | $0.096 | $0.596 |
m5.xlarge | $0.50 | $0.192 | $0.692 |
Vendor refund policy
Free 30-day trial. Refunds are handled on a case-by-case basis via support.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Baffle Trial for RDS & Aurora PostgreSQL
"This CloudFormation (CF) template automates the setup for Baffle Data Protection for Databases on AWS. It orchestrates the creation of various resources necessary for the workflow, streamlining the process and ensuring consistency.
The template begins with parameter definitions allowing customization of workflow options, user credentials, and IP whitelisting. It then employs conditions to adapt resource creation based on the selected workflow.
The template provisions foundational resources like VPCs, subnets, internet gateways, and route tables for networking. It also sets up an S3 bucket and IAM roles for managing keys and permissions.
For database management, it creates an RDS instance with custom settings, including disabling SSL and enabling logical replication. Secrets for database access are securely managed using AWS Secrets Manager.
Security measures include the setup of EC2 security groups and IAM roles, ensuring controlled access to resources and encrypted data transmission.
Additionally, the template facilitates Database Migration Service (DMS) setup for data replication tasks, providing endpoints and task configurations for migration operations.
Outputs provide convenient access URLs for Baffle Manager, PGAdmin, and DMS migration tasks, along with commands for managing DMS tasks via AWS CLI.
By encapsulating all these configurations into a single template, this CF script simplifies the deployment and management of Baffle Data Protection, fostering a secure and efficient data environment on AWS."
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Release 2.8.4.3
Additional details
Usage instructions
Run the Cloud Formation script and use the following guide https://quickstart-baffle.s3.us-east-2.amazonaws.com/Quickstart+POC+-+Baffle+Data+Protection+for+Amazon+RDS+and+Aurora+(PostgreSQL)/AWS+Baffle+Static+Masking+for+Lower+Environment.docx.pdf The IAM role named BaffleShieldRole is designed with three key policies: Assume Role Policy: This policy allows EC2 instances to assume the role. Consequently, these instances gain permissions granted by the role to interact with other AWS services. AccessBaffleDBSecret Policy: Grants permission to retrieve sensitive information, such as database credentials (BaffleDBSecret), from AWS Secrets Manager. AccessScriptBucketAccess Policy: Provides access to an S3 bucket (BaffleKeyStorageBucket) for various operations, including listing and deleting objects. Scripts are downloaded from a public GitHub repository. The scripts used by the deployment of the Baffle service to get up-to-date configuration. An email ID is requested to create an account with the Baffle service. The email ID is used to ensure uniqueness of the account name. The email ID is not collected nor will Baffle send emails to that email ID
Resources
Vendor resources
Support
Vendor support
PLEASE NOTE: Pricing is for illustration purposes only and varies depending on customer environment, requirements and other factors. Please contact us at for more details.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.