Hacker News
by darkwater 1424 days ago
My RDS data is stored encrypted on disks with a private key AWS operators have no access to [1] (or at least that's what they tell you), and the application layer connection is controlled by a password transmitted over a TLS-only connection, whose private key - again - AWS has no access to.

[1] https://aws.amazon.com/blogs/database/securing-data-in-amazo...

2 comments

You're decrypting data on Amazon's hardware using software provided by Amazon. Of course they can access your unencrypted data if they have to.

It comes down to the details of the legal obligation they have under U.S. law. Are there limits to what they have to do to help U.S. law enforcement, and what exactly are those limits?

The data in memory in that server is not encrypted. Amazon, owning the server, can log into it and read whatever part of the memory they want. I don't see how encrypting data at rest helps you in this scenario.

If GDPR makes all the cloud services provided by American companies illegal, what alternatives do European companies have? Services like OVH and Hetzner are great at a low cost but they don't provide the same services at all.

How about Netsuite (Oracle), Netsuite, etc.?

My guess is that ~100% of European companies use some kind of US service and there are no realistic alternatives. Are they going to rule that all companies are doing something illegal?