Kinesis streams should be encrypted at rest

Docs > Plateforme de sécurité Datadog > OOTB Rules > Kinesis streams should be encrypted at rest

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This control verifies whether Kinesis Data Streams are encrypted at rest using server-side encryption. The control fails if a Kinesis stream is not encrypted at rest with this method.

Server-side encryption in Amazon Kinesis Data Streams automatically secures data at rest by utilizing an AWS KMS key. The data is encrypted before being stored in the Kinesis stream storage layer and decrypted when accessed. This ensures that your data remains encrypted at rest within the Amazon Kinesis Data Streams service.

Remediation

For guidance on enabling server-side encryption for Kinesis streams, refer to the How do I get started with server-side encryption? section of the Amazon Kinesis Developer Guide.