Kinesis streams should be encrypted at rest

Description

This control verifies whether Kinesis Data Streams are encrypted at rest using server-side encryption. The control fails if a Kinesis stream is not encrypted at rest with this method.

Server-side encryption in Amazon Kinesis Data Streams automatically secures data at rest by utilizing an AWS KMS key. The data is encrypted before being stored in the Kinesis stream storage layer and decrypted when accessed. This ensures that your data remains encrypted at rest within the Amazon Kinesis Data Streams service.
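The pass/fail logic described above can be reproduced offline against Kinesis `DescribeStreamSummary` responses. The following is an added example, not the control's own implementation; the function names and the sample responses are constructed for illustration, and requiring a non-empty `KeyId` is this example's fail-closed assumption.

```python
from typing import Iterable


def stream_encrypted_at_rest(summary: dict) -> bool:
    """Return True when a DescribeStreamSummary response reports SSE with a KMS key."""
    desc = summary.get("StreamDescriptionSummary", {})
    # EncryptionType is "KMS" when server-side encryption is on, "NONE" otherwise.
    # A missing field is treated as unencrypted so malformed input fails closed.
    encryption_type = desc.get("EncryptionType", "NONE")
    # Assumption of this example: an encrypted stream must also name its KMS key.
    return encryption_type == "KMS" and bool(desc.get("KeyId"))


def evaluate(summaries: Iterable[dict]) -> list:
    """Produce one finding per stream, mirroring the control's pass/fail result."""
    findings = []
    for summary in summaries:
        desc = summary.get("StreamDescriptionSummary", {})
        ok = stream_encrypted_at_rest(summary)
        findings.append({
            "stream": desc.get("StreamName", "<unknown>"),
            "status": "pass" if ok else "fail",
            "key_id": desc.get("KeyId") if ok else None,
        })
    return findings


# Constructed sample responses (not taken from a real account).
SAMPLE_SUMMARIES = [
    {"StreamDescriptionSummary": {"StreamName": "orders-events",
                                  "EncryptionType": "KMS",
                                  "KeyId": "alias/aws/kinesis"}},
    {"StreamDescriptionSummary": {"StreamName": "clickstream-raw",
                                  "EncryptionType": "NONE"}},
    # EncryptionType absent: evaluated as unencrypted.
    {"StreamDescriptionSummary": {"StreamName": "legacy-ingest"}},
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_SUMMARIES):
        print(f"{finding['status'].upper():4}  {finding['stream']}  key={finding['key_id']}")
```

Against a live account, the same dictionaries come from `boto3.client("kinesis").describe_stream_summary(StreamName=name)` for each stream name.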

Remediation

For guidance on enabling server-side encryption for Kinesis streams, refer to the How do I get started with server-side encryption? section of the Amazon Kinesis Developer Guide.