Ryan Ware

Last Update setahun yang lalu

Description: Checks whether Kinesis have Encryption Enabled

Trigger type: Periodic

AWS Region: All supported AWS regions

How to Resolve Manually

By Default, most Amazon Kinesis Data Streams are created without encryption as default. In order to ensure your Amazon Kinesis Encryption Config Rule is returning COMPLIANT, you will need to encrypt your Data Stream with either a customer managed key (CMK) stored within your own KMS vault, or use the default AWS managed CMK (aws/kinesis)

To enable this, you will need to head on over to your Amazon Kinesis dashboard within your AWS Console, view your Data Streams and choose your Stream you would like to encrypt. Within the Configuration tab, look for encryption and choose Edit Encryption to enable and configure this to your liking.

Server-side encryption in Amazon Kinesis Data Streams automatically encrypts data before it's at rest by using an AWS KMS customer master key (CMK) that you specify. Data is encrypted before it's written to the Kinesis stream storage layer. It's decrypted after it’s retrieved from storage. As a result, your data is encrypted at rest within the Kinesis Data Streams service.

How to Resolve with StackZone

StackZone will be able to automatically enable encryption on your Amazon Kinesis Data Streams if you enable this remediation. The remediation action will use the AWS managed CMK (aws/kinesis) when performing the encryption of your Amazon Kinesis Data Streams

This will then ensure that your resources are marked as COMPLIANT with the AWS Config Rule.

To enable this within your own StackZone deployment, head on over to BaseLine Services / AWS Config Rules Regional / Kinesis Encryption and enable the remediation.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us