Security in Cloud Sync

IBM® Cloud Sync uses authentication and authorization controls when synchronizing and backing up DNS data.

Security when synchronizing and backing up data

Cloud Sync uses HTTPS encrypted with Transport Layer Security (TLS) to securely communicate with Amazon Route 53 and Amazon Simple Storage Service (S3).

When synchronizing DNS data from NS1 Connect to Route 53 or backing up data to Amazon Simple Storage Service (S3), Cloud Sync doesn't use or store user credentials. Instead, Cloud Sync requires cross-account permissions, which grant a trusted role in the NS1 Connect account for Cloud Sync permission to access an AWS account. You set the permissions when you configure the DNS data flow from NS1 Connect to Route 53 or connect a backup network.

IBM controls and audits access to the NS1 Connect account for Cloud Sync that has access to the AWS account. In addition, you have control over the IAM role and policy, so you can revoke access whenever you want.
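
Because you control the IAM role and its policy, you can check the role's trust policy to confirm that only the trusted role can assume it. The following Python code is an added example, not IBM or NS1 code; the role ARN, account IDs and sample policies are constructed placeholders, and the function names are hypothetical.

```python
import json
# Constructed placeholder: the page does not give the real ARN of the trusted
# role, so take the value from your own Cloud Sync configuration.
TRUSTED_ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleCloudSyncRole"

def _as_list(value):
    """IAM accepts a single value or a list in most policy fields."""
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_trust_policy(policy, trusted_arn=TRUSTED_ROLE_ARN):
    """Return findings for a role trust policy; an empty list means only
    trusted_arn is allowed to assume the role."""
    findings = []
    trusted_seen = False
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue  # only statements that allow role assumption matter here
        if "NotPrincipal" in stmt:
            findings.append(f"statement {i}: Allow with NotPrincipal trusts everyone else")
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "AWS" and value == trusted_arn:
                    trusted_seen = True
                elif value == "*":
                    findings.append(f"statement {i}: wildcard principal")
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
    if not trusted_seen:
        findings.append("trusted role is not allowed to assume this role")
    return findings

# Constructed sample trust policies (not taken from the Cloud Sync templates).
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleCloudSyncRole"},
  "Action": "sts:AssumeRole"}}""")
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": [TRUSTED_ROLE_ARN, "*"]},
     "Action": ["sts:AssumeRole"]},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("too broad", TOO_BROAD)):
        print(name, audit_trust_policy(doc) or "OK")
```

Run it against the `AssumeRolePolicyDocument` that `aws iam get-role` returns for the role you created for Cloud Sync. After you revoke access, the last finding is the expected result.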

Security when synchronizing DNS data from Route 53

You must create an API key in NS1 Connect to synchronize data from Route 53. The API key is used to generate a set of JSON Web Tokens (JWTs), which are used to authenticate requests to the Cloud Sync API. When you configure DNS data flow from Route 53, you enter an API key in the CloudFormation template for Cloud Sync. The API key and JWTs are stored in AWS Secrets Manager.