Ensure that your AWS Kinesis streams are encrypted using Server-Side Encryption (SSE) in order to meet strict regulatory requirements and improve the security of your data at rest. Kinesis is a platform for streaming data on Amazon Web Services that lets you build and manage your own custom streaming data applications for specialized needs. A Kinesis stream is an ordered sequence of data records collected within a dedicated storage layer. With SSE, your sensitive data is encrypted before it is written to the Kinesis stream storage layer and decrypted after it is retrieved from storage.
Server-Side Encryption (SSE) for Amazon Kinesis streams provides you with an extra layer of security on top of authentication and authorization. Note: SSE encrypts incoming data only after encryption is enabled. Preexisting data available in an unencrypted stream cannot be encrypted after Server-Side Encryption is enabled.
To determine if your AWS Kinesis streams have the Server-Side Encryption feature enabled, perform the following:
To enable Server-Side Encryption (SSE) for your Amazon Kinesis streams, perform the following:
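Both the check and the enablement can be scripted against the Kinesis API (`ListStreams`, `DescribeStreamSummary`, `StartStreamEncryption`). The following is an added example, not part of the original page: it reports each stream's `EncryptionType` and starts KMS encryption on those reporting `NONE`. `StubKinesis` and its stream names are constructed so the block runs offline; using the AWS managed key `alias/aws/kinesis` as the default is an assumption, and real use would pass `boto3.client("kinesis")` instead of the stub.

```python
"""Audit Kinesis streams for SSE and enable it where missing (added example)."""

def list_stream_names(client):
    """Page through ListStreams; HasMoreStreams signals another page."""
    names, kwargs = [], {}
    while True:
        page = client.list_streams(**kwargs)
        names.extend(page["StreamNames"])
        if not page.get("HasMoreStreams") or not page["StreamNames"]:
            return names
        kwargs = {"ExclusiveStartStreamName": names[-1]}

def audit(client):
    """Return {stream_name: (encryption_type, key_id)} for every stream."""
    result = {}
    for name in list_stream_names(client):
        s = client.describe_stream_summary(StreamName=name)["StreamDescriptionSummary"]
        result[name] = (s.get("EncryptionType", "NONE"), s.get("KeyId"))
    return result

def enable_sse(client, findings, key_id="alias/aws/kinesis"):
    """Start KMS encryption on streams not reporting KMS; return names changed."""
    changed = []
    for name, (enc, _) in sorted(findings.items()):
        if enc != "KMS":
            client.start_stream_encryption(
                StreamName=name, EncryptionType="KMS", KeyId=key_id)
            changed.append(name)
    return changed

class StubKinesis:
    """Constructed stand-in for boto3.client('kinesis'); stream names are made up."""
    def __init__(self):
        self.streams = {"orders": ("KMS", "alias/aws/kinesis"),
                        "clicks": ("NONE", None), "audit-log": ("NONE", None)}
    def list_streams(self, **kw):
        names = sorted(self.streams)
        start = names.index(kw["ExclusiveStartStreamName"]) + 1 if kw else 0
        return {"StreamNames": names[start:start + 2],
                "HasMoreStreams": start + 2 < len(names)}
    def describe_stream_summary(self, StreamName):
        enc, key = self.streams[StreamName]
        return {"StreamDescriptionSummary": {"EncryptionType": enc, "KeyId": key}}
    def start_stream_encryption(self, StreamName, EncryptionType, KeyId):
        self.streams[StreamName] = (EncryptionType, KeyId)

if __name__ == "__main__":
    client = StubKinesis()  # real use (assumption): boto3.client("kinesis")
    print("enabled on:", enable_sse(client, audit(client)))
    print("after:", audit(client))
```

Against the real service, `StartStreamEncryption` is asynchronous, so re-run the audit once the stream returns to `ACTIVE`. Records written before encryption was enabled stay unencrypted, as noted above.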