Kinesis streams should be encrypted at rest

문서 > Datadog 보안 > OOTB Rules > Kinesis streams should be encrypted at rest

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

This control verifies whether Kinesis Data Streams are encrypted at rest using server-side encryption. The control fails if a Kinesis stream is not encrypted at rest with this method.

Server-side encryption in Amazon Kinesis Data Streams automatically secures data at rest by utilizing an AWS KMS key. The data is encrypted before being stored in the Kinesis stream storage layer and decrypted when accessed. This ensures that your data remains encrypted at rest within the Amazon Kinesis Data Streams service.

Remediation

For guidance on enabling server-side encryption for Kinesis streams, refer to the How do I get started with server-side encryption? section of the Amazon Kinesis Developer Guide.