Ensure that your AWS Kinesis streams are encrypted using Server-Side Encryption (SSE) in order to meet strict regulatory requirements and improve the security of your data at rest. Kinesis is a platform for streaming data on Amazon Web Services that provides you with the ability to build and manage your own custom streaming data applications for specialized needs. A Kinesis stream is an ordered sequence of data records collected within a dedicated storage layer. With SSE, your sensitive data is encrypted before it is written to the Kinesis stream storage layer and decrypted after it’s retrieved from storage.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Server-Side Encryption (SSE) for Amazon Kinesis streams provides you with an extra layer of security on top of authentication and authorization.
Note: SSE encrypts incoming data only after encryption is enabled. Preexisting data available in an unencrypted stream cannot be encrypted after Server-Side Encryption is enabled.
To determine if your AWS Kinesis streams have the Server-Side Encryption feature enabled, perform the following:
To enable Server-Side Encryption (SSE) for your Amazon Kinesis streams, perform the following:
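The audit and the remediation described above, written against the boto3 Kinesis client calls as an added example (not part of the original page or of the Cloud Conformity tool). `FakeKinesis` and the stream names are constructed so the code runs offline, and the default key `alias/aws/kinesis` (the AWS managed key) is an assumption; pass your own KMS key ID or alias where policy requires a customer managed key.

```python
# Added example: audit Kinesis streams for SSE and enable it where missing.
# FakeKinesis is a constructed stand-in; with credentials, pass boto3.client("kinesis").
def list_stream_names(client):
    """Yield every stream name, following ListStreams pagination."""
    kwargs = {}
    while True:
        page = client.list_streams(**kwargs)
        names = page.get("StreamNames", [])
        yield from names
        if not names or not page.get("HasMoreStreams"):
            return
        kwargs = {"ExclusiveStartStreamName": names[-1]}

def audit_sse(client):
    """Map each stream name to its summary (EncryptionType, KeyId, StreamStatus)."""
    describe = client.describe_stream_summary
    return {n: describe(StreamName=n)["StreamDescriptionSummary"] for n in list_stream_names(client)}

def enable_sse(client, report, key_id="alias/aws/kinesis"):
    """Enable KMS SSE on unencrypted ACTIVE streams; return (changed, skipped)."""
    changed, skipped = [], []
    for name, summary in sorted(report.items()):
        if summary.get("EncryptionType", "NONE") == "KMS":
            continue
        if summary.get("StreamStatus") != "ACTIVE":
            skipped.append(name)  # StartStreamEncryption needs an ACTIVE stream
            continue
        client.start_stream_encryption(StreamName=name, EncryptionType="KMS", KeyId=key_id)
        changed.append(name)
    return changed, skipped

class FakeKinesis:
    """Constructed stand-in exposing the three boto3 calls used above."""
    def __init__(self, streams):
        self.streams = streams  # stream name -> summary dict
    def list_streams(self, ExclusiveStartStreamName=None, Limit=2):
        names = sorted(n for n in self.streams if n > (ExclusiveStartStreamName or ""))
        return {"StreamNames": names[:Limit], "HasMoreStreams": len(names) > Limit}
    def describe_stream_summary(self, StreamName):
        return {"StreamDescriptionSummary": dict(self.streams[StreamName])}
    def start_stream_encryption(self, StreamName, EncryptionType, KeyId):
        self.streams[StreamName].update(EncryptionType=EncryptionType, KeyId=KeyId, StreamStatus="UPDATING")

def demo():
    client = FakeKinesis({  # constructed sample streams
        "orders": {"EncryptionType": "NONE", "StreamStatus": "ACTIVE"},
        "clicks": {"EncryptionType": "KMS", "KeyId": "alias/aws/kinesis", "StreamStatus": "ACTIVE"},
        "audit": {"EncryptionType": "NONE", "StreamStatus": "UPDATING"}})
    return enable_sse(client, audit_sse(client)), audit_sse(client)
```

Records written before encryption was started stay unencrypted, as the note above states, so a stream that appears in `changed` still holds plaintext records until they age out of its retention period.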