Best practice rules for Amazon Kinesis Data Firehose
- Enable Firehose Delivery Stream Server-Side Encryption
Ensure that Kinesis Data Firehose delivery streams enforce Server-Side Encryption, ideally using Customer-managed Customer Master Keys.
- Firehose Delivery Stream Destination Encryption
Ensure that Firehose delivery stream data records are encrypted at destination.