Kinesis streams should be encrypted at rest

Description

This control verifies whether Kinesis Data Streams are encrypted at rest using server-side encryption. The control fails if a Kinesis stream is not encrypted at rest with this method.

Server-side encryption in Amazon Kinesis Data Streams automatically secures data at rest by utilizing an AWS KMS key. The data is encrypted before being stored in the Kinesis stream storage layer and decrypted when accessed. This ensures that your data remains encrypted at rest within the Amazon Kinesis Data Streams service.

Remediation

For guidance on enabling server-side encryption for Kinesis streams, refer to the How do I get started with server-side encryption? section of the Amazon Kinesis Developer Guide.