I have a use case where data from S3 is queued into AWS SQS, which is in turn connected to CloudWatch, whose metrics will be triggering AWS Lambda.
However, I want the architecture to be HIPAA compliant. So, I have come up with this idea:
- Once my S3 bucket gets a file,
- Fire up a Lambda function, which does hashing/name scrambling of the files, and copies to another S3 bucket (via
- Connect the bucket with the hashed/scrambled names to the SQS queue
Is this a good and secure practice? Or is there a better workaround? (I would be more than happy if I could send encrypted keys of S3 to SQS, but I am not sure if I can or if it is possible.)
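The name-scrambling step listed above, as an added example that is not part of the original post: it takes an S3 event notification, derives a keyed (HMAC-SHA256) name for each new object, and builds the copy request and the queue message so that the original file name never reaches SQS. The post names no algorithm, so HMAC is an assumption here, as are the bucket names, the secret and the function names; the event is constructed sample data.

```python
import hashlib
import hmac
import json
import posixpath
from urllib.parse import unquote_plus

DEST_BUCKET = "example-scrambled-bucket"   # assumed destination bucket name
DEMO_SECRET = b"constructed-demo-secret"   # constructed; load from a secrets store in practice

def scramble_key(secret: bytes, bucket: str, key: str) -> str:
    """Keyed pseudonym for an object key; only the file extension is kept."""
    # A plain hash of a guessable name (patient name, date) can be reversed by
    # guessing; keying the hash with a secret removes that option.
    msg = f"{len(bucket)}:{bucket}/{key}".encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return digest + posixpath.splitext(key)[1].lower()

def plan_copies(event: dict, secret: bytes) -> list[dict]:
    """One copy request per created object, shaped like boto3 copy_object arguments."""
    plans = []
    for record in event.get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue  # ignore deletes and other notifications
        bucket = record["s3"]["bucket"]["name"]
        # S3 URL-encodes keys in notifications (spaces arrive as '+').
        key = unquote_plus(record["s3"]["object"]["key"])
        plans.append({
            "CopySource": {"Bucket": bucket, "Key": key},
            "Bucket": DEST_BUCKET,
            "Key": scramble_key(secret, bucket, key),
        })
    return plans

def queue_message(plan: dict) -> str:
    """Queue body: only the scrambled location, never the original name."""
    return json.dumps({"bucket": plan["Bucket"], "key": plan["Key"]}, sort_keys=True)

# Constructed sample notification: one upload and one delete.
SAMPLE_EVENT = {"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-intake-bucket"},
            "object": {"key": "intake/Jane+Doe+1970-01-01.PDF"}}},
    {"eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": "example-intake-bucket"},
            "object": {"key": "intake/old.txt"}}},
]}

if __name__ == "__main__":
    for plan in plan_copies(SAMPLE_EVENT, DEMO_SECRET):
        print(queue_message(plan))
```

The mapping is deterministic for a given secret, so the same source object always lands on the same scrambled key, and anyone holding the secret can recompute it; the file extension is deliberately left visible.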