Kinesis streams should be encrypted at rest

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control verifies whether Kinesis Data Streams are encrypted at rest using server-side encryption. The control fails if a Kinesis stream is not encrypted at rest with this method.

Server-side encryption in Amazon Kinesis Data Streams automatically secures data at rest by utilizing an AWS KMS key. The data is encrypted before being stored in the Kinesis stream storage layer and decrypted when accessed. This ensures that your data remains encrypted at rest within the Amazon Kinesis Data Streams service.

Remediation

For guidance on enabling server-side encryption for Kinesis streams, refer to the How do I get started with server-side encryption? section of the Amazon Kinesis Developer Guide.