Data Integration - FAQ
Everything you need to know about Data Integration for Future Anthem products
How do I access my dedicated AWS landing zone?
Your dedicated AWS environment is provisioned during the onboarding process.
- Real-time ingestion: You will be provided with a private endpoint.
- Further details here
- Batch ingestion: You will be provided with SFTP credentials.
What additional security is provided for your endpoints?
IP whitelisting will be configured at the application level for your dedicated APIs. You'll need to provide:
Required Information:
- Source IP addresses for real-time streams
- Source IP addresses for SFTP connections
Whitelisting Process:
- Submit IP addresses to your account manager
- They will confirm once implemented
- Test connectivity after receiving confirmation
Important note: Dynamic IPs are not supported. Use static IPs or reserve Elastic IPs in AWS.
How do I obtain API credentials for my private endpoints?
API credentials are generated through our secure credential management system:
Credential Types:
- API Key: For authentication headers
- Certificate: For mutual TLS authentication
The following security features and standards apply to a publicly accessible Amazon MSK (Managed Streaming for Apache Kafka) cluster: [1]
Network Security:
- Amazon VPC to isolate the MSK cluster in a private network. [2]
- Security groups to control inbound and outbound traffic to the cluster.
Encryption:
- Encryption in transit using TLS for communication between clients and brokers.
- Encryption at rest using AWS Key Management Service (KMS) for data stored on the brokers.
Authentication and Authorization:
- Access control method: SASL/SCRAM for username/password authentication
- Apache Kafka Access Control Lists (ACLs) for fine-grained authorization on the data plane.
Monitoring and Logging:
- AWS CloudTrail to log API calls and user activities.
- Broker logs to Amazon CloudWatch Logs for analysis and auditing.
Compliance:
- Amazon MSK is compliant with various industry standards, including SOC 1, SOC 2, and HIPAA. Refer to AWS documentation for the most up-to-date compliance information.
Client Security:
- TLS 1.2 or later (TLS 1.3 recommended). [3]
- Use cipher suites with perfect forward secrecy (PFS) such as ECDHE.
Access Management:
- Principle of least privilege applied to the Producer role used by clients.
- IAM roles and policies to control access to MSK APIs and resources within the AWS account.
Regular Updates:
- MSK cluster updated with the latest security patches and version upgrades.
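The Client Security and Encryption items above translate into client-side TLS settings. The following is an added example, not code from this FAQ or the product: it builds a Python `ssl` context that enforces TLS 1.2 or later with ECDHE-only cipher suites and audits a context against those requirements. The function names and the cipher string are assumptions chosen for illustration.

```python
import ssl

# Cipher string is an assumption: ECDHE key exchange with AEAD ciphers only.
PFS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def build_client_context(cafile=None, certfile=None, keyfile=None):
    """TLS client context matching the listed client requirements."""
    # create_default_context turns on certificate and hostname verification.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0 / 1.1
    ctx.set_ciphers(PFS_CIPHERS)                    # governs TLS 1.2 suites only
    if certfile:                                    # client cert for mutual TLS
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context complies."""
    findings = []
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append("minimum TLS version is below 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        findings.append("server certificate verification is disabled")
    for suite in ctx.get_ciphers():
        # TLS 1.3 certificate handshakes always use ephemeral key exchange.
        if suite["protocol"] == "TLSv1.3":
            continue
        if not suite["name"].startswith("ECDHE-"):
            findings.append("non-PFS cipher enabled: " + suite["name"])
    return findings


if __name__ == "__main__":
    print(audit_context(build_client_context()) or "context complies")
```

SASL/SCRAM credentials are configured in the Kafka client itself; this context covers only the TLS layer underneath it.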
How do I get support or make a feature suggestion?
Visit our 'here to help' form and we will respond accordingly.