Ensure that your AWS Kinesis streams are encrypted using Server-Side Encryption (SSE) in order to meet strict regulatory requirements and improve the security of your data at rest. Kinesis is a platform for streaming data on Amazon Web Services that provides you with the ability to build and manage your own custom streaming data applications for specialized needs. A Kinesis stream is an ordered sequence of data records collected within a dedicated storage layer. With SSE, your sensitive data is encrypted before it is written to the Kinesis stream storage layer and decrypted after it’s retrieved from storage.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Server-Side Encryption (SSE) for Amazon Kinesis streams provides you with an extra layer of security on top of authentication and authorization.
Note: SSE encrypts incoming data only after encryption is enabled. Preexisting data available in an unencrypted stream cannot be encrypted after Server-Side Encryption is enabled.
To determine if your AWS Kinesis streams have the Server-Side Encryption feature enabled, perform the following:
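One way to script this check, as an added example that is not Conformity's own audit procedure: it evaluates `DescribeStreamSummary` output for each stream and, following the note above, reports how long pre-existing unencrypted records remain in a stream after SSE is switched on. The stream names, dates and the operator-supplied enablement time (for instance taken from the `StartStreamEncryption` CloudTrail event) are assumptions.

```python
from datetime import datetime, timedelta, timezone

def audit_stream(summary, sse_enabled_at=None, now=None):
    """Evaluate one StreamDescriptionSummary dict (DescribeStreamSummary output)."""
    now = now or datetime.now(timezone.utc)
    name = summary["StreamName"]
    enc = summary.get("EncryptionType", "NONE")
    if enc != "KMS":
        return {"stream": name, "compliant": False,
                "detail": f"SSE disabled (EncryptionType={enc})"}
    finding = {"stream": name, "compliant": True,
               "detail": f"SSE enabled with key {summary.get('KeyId')}"}
    # Records written before SSE was enabled stay unencrypted until they age
    # out of the retention window, so report when that window closes.
    # sse_enabled_at is supplied by the operator (assumption, see lead-in).
    if sse_enabled_at is not None:
        closes = sse_enabled_at + timedelta(hours=summary["RetentionPeriodHours"])
        if closes > now:
            finding["plaintext_until"] = closes
    return finding

def audit_all(summaries, enabled_at=None, now=None):
    enabled_at = enabled_at or {}
    return [audit_stream(s, enabled_at.get(s["StreamName"]), now) for s in summaries]

def fetch_summaries(region):
    """Live collection (needs boto3 and read access to Kinesis)."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("kinesis", region_name=region)
    for page in client.get_paginator("list_streams").paginate():
        for name in page["StreamNames"]:
            yield client.describe_stream_summary(StreamName=name)["StreamDescriptionSummary"]

# Constructed sample data, shaped like DescribeStreamSummary responses.
SAMPLE = [
    {"StreamName": "orders-raw", "EncryptionType": "NONE",
     "RetentionPeriodHours": 24},
    {"StreamName": "clickstream", "EncryptionType": "KMS",
     "KeyId": "alias/aws/kinesis", "RetentionPeriodHours": 168},
]
SAMPLE_ENABLED_AT = {"clickstream": datetime(2024, 1, 1, tzinfo=timezone.utc)}
SAMPLE_NOW = datetime(2024, 1, 3, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_all(SAMPLE, SAMPLE_ENABLED_AT, SAMPLE_NOW):
        print(finding)
```

To run it against an account, pass `fetch_summaries("<region>")` to `audit_all` in place of `SAMPLE`.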
Remediation / Resolution
To enable Server-Side Encryption (SSE) for your Amazon Kinesis streams, perform the following:
You are auditing:
Kinesis Server Side Encryption
Risk level: High