AWS-Kinesis-stream-with-direct-PUT-has-server-side-encryption

Owned by naveen

Last updated: Nov 19, 2021

1 min read

Severity: High

Description: This control ensure that AWS Kinesis Data Firehose delivery stream with Direct PUT and other sources as source has Server-side encryption configured. It is recommended to have service-side encryption enabled for Amazon Kinesis Delivery Streams.

Remediation Steps:

Perform following to enable server side encryption for Kinesis:

Login to the AWS Management Console at https://console.aws.amazon.com.
Navigate to Kinesis console.
Go to each kinesis Data firehose delivery stream.
Click on Encryption.
Click Edit.
Mark the box to Enable server-side encryption for source records in delivery stream.
Click Save.

Important:

Reference:

Data protection in Amazon Data Firehose - Amazon Data Firehose

Blue Hexagon Proprietary