CloudFront field-level encryption can be used to ensure that sensitive data is fully protected from the point of user entry through to the backend of a service. Amazon will allow for up to 10 fields to be encrypted in a single request. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/documentdb/latest/developerguide/cloud_watch.html
In AWS Console -
In Terraform -
For more information on configuring a field-level encryption profile, see the AWS documentation.
References:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html?icmpid=docs_cf_help_panel#field-level-encryption-setting-up
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#field_level_encryption_id