BYOK 暗号化を設定する
Who can do this? |
Adding a BYOK-encrypted Atlassian app
AWS アカウントの設定と IAM ロールの作成が完了したら、Enterprise アカウント担当者にご連絡ください。BYOK をプロビジョニングいたします。これを行うには、組織管理者である必要があります。
Using the information you provide us, we'll set up your BYOK encryption and add a BYOK-encrypted app to your site.
If you want to add another BYOK-encrypted app to the same site, you need to contact your Enterprise account representative again so we can enable BYOK encryption for the new app. If you add a app directly via admin.atlassian.com, it will not be BYOK-encrypted.
Currently, we don’t support migration of data between locations once we’ve provisioned BYOK encryption for you.
After we create a BYOK-encrypted app for you, you can’t convert it into a non-BYOK app (i.e. a app with data encrypted with Atlassian-managed keys).
提供する必要がある情報
Enterprise アカウントの担当者に連絡して、次の情報を提供してください。
Your AWS account ID. This is the AWS account that you created specifically for managing BYOK encryption for your Atlassian apps. The ID is numeric, for example,
27976624415. How to find your AWS account IDCloud site name. The cloud site name you give should be a new and unique name. We'll add a BYOK-enabled app to this site name.
If you’ve already enabled BYOK for Jira, and you now want to enable BYOK for Confluence, you can give the site name used for Jira BYOK. It’s the same if you’ve enabled BYOK for Confluence and now want to enable it for Jira. So you can either use a new site for BYOK encryption, or an existing site that's been BYOK enabled.Where do you want to host your app data. Your decision also dictates where your keys are hosted, since all customer-managed keys and app data live within the same data residency location. Learn about data residency
ロケーションとして、ヨーロッパ、アメリカ、オーストラリア、カナダ、ドイツ、インド、日本、韓国、シンガポール、イギリスのいずれかを選択できます。
複数の地域を持つロケーション:
ヨーロッパの地域:
eu-central-1(フランクフルト) とeu-west-1(ダブリン)アメリカの地域:
us-east-1(バージニア北部) とus-west-2(オレゴン)
1 つの地域を持つロケーション:
オーストラリアの地域:
ap-southeast-2(シドニー)カナダの地域:
ca-cantral-1(カナダ中部)ドイツの地域:
eu-central-1(フランクフルト)インドの地域:
ap-south-1(ムンバイ)日本の地域:
ap-northeast-1(東京)韓国の地域:
ap-northeast-2(ソウル)シンガポールの地域:
ap-southeast-1(シンガポール)イギリスの地域:
eu-west-2(ロンドン)
We'll automatically pin your BYOK app to the location you chose. For locations with multiple regions, the created keys will reside in all AWS regions associated with that location. For the rest, the created keys will reside in the single AWS region associated with that location.
いったん BYOK をプロビジョニングすると、場所間でのデータ移行はできなくなります。
The apps that you want to create the BYOK encryption for. This can be Jira, Confluence, or Jira Service Management.
BYOK encryption for Jira or Jira Service Management will extend to include app data for all Jira family apps within the same site. This means that issue data for Jira and Jira Service Management on the same site will be encrypted with the keys managed in your external AWS account. Additionally, if you revoke your BYOK encryption keys access for Jira or Jira Service Management, all Jira family apps on that site will be suspended. What is the Jira family of apps?
Once you provide us with all the information, we’ll provision the app with BYOK encryption, and you'll have certain app data encrypted with keys hosted in your external AWS account. Learn what data is managed with BYOK encryption
View your BYOK-encrypted apps
To view your BYOK-encrypted apps:
移動 [アトラシアンの管理] に移動します。組織が複数ある場合は、対象の組織を選択します。
[セキュリティ] > [BYOK 暗号化] の順に選択します。
この内容はお役に立ちましたか?