AWS-Kinesis-stream-with-direct-PUT-uses-CMK-server-side-encryption

Owned by naveen
Nov 19, 2021
1 min read

Severity: High

Description: This control ensure that AWS Kinesis Data Firehose delivery stream with Kinesis Data stream as source has Server-side encryption configured with customer-managed key. It is recommended to have service-side encryption enabled for Amazon Kinesis Delivery Streams with customer-managed key.

Remediation Steps:

Perform following to enable server side encryption for Kinesis:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to Kinesis console.

  3. Go to each kinesis Data firehose delivery stream

  4. Click on Encryption

  5. Click Edit

  6. Mark the box to Enable server-side encryption for source records in delivery stream

  7. Select Use Customer-managed CMK

  8. Select the required key in the dropdown

  9. Click Save.

Important:

Reference:

Blue Hexagon Proprietary