
Use Case for AWS Kinesis Streams should be encrypted


Kinesis Stream Encryption Check

Overview

This policy ensures that your AWS Kinesis Streams are encrypted using AWS Key Management Service (KMS). KMS encryption helps protect sensitive data and aligns with security best practices.

Why Use This Policy?

Pros

  • Security: Ensures data at rest is encrypted, providing an additional layer of security.
  • Compliance: Helps meet compliance requirements for data protection and privacy.

Cons

  • Cost: KMS encryption may incur additional costs.
  • Performance: Potential slight performance overhead due to encryption and decryption processes.

How the Policy Works

This policy checks if the EncryptionType of your Kinesis Stream is set to KMS. If the stream is not encrypted with KMS, it triggers a violation.

Variables

  • EncryptionType: The type of encryption used for the Kinesis Stream. This variable is set to KMS by default.

Violation Types

ENCRYPTION_NOT_ENABLED

This violation is triggered when the EncryptionType is not set to KMS.
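
The check described above can be reproduced outside the policy engine. The following is an added example, not the policy's own implementation: the function names `evaluate` and `fetch_summaries` are hypothetical, the sample records are constructed, and the record shape is assumed to follow the Kinesis DescribeStreamSummary response.

```python
"""Added example: evaluate Kinesis streams against the EncryptionType == KMS check."""

EXPECTED_ENCRYPTION_TYPE = "KMS"  # the policy's EncryptionType variable (default per the page)

# Constructed sample data, shaped like Kinesis DescribeStreamSummary responses.
SAMPLE_SUMMARIES = [
    {"StreamDescriptionSummary": {"StreamName": "orders", "EncryptionType": "KMS",
                                  "KeyId": "alias/aws/kinesis"}},
    {"StreamDescriptionSummary": {"StreamName": "clickstream", "EncryptionType": "NONE"}},
    {"StreamDescriptionSummary": {"StreamName": "legacy-audit"}},  # field absent
]


def evaluate(summaries, expected=EXPECTED_ENCRYPTION_TYPE):
    """Return one ENCRYPTION_NOT_ENABLED violation per stream not using `expected`."""
    violations = []
    for response in summaries:
        summary = response.get("StreamDescriptionSummary", {})
        # A missing field is treated as unencrypted so the check fails closed.
        actual = summary.get("EncryptionType") or "NONE"
        if actual != expected:
            violations.append({
                "type": "ENCRYPTION_NOT_ENABLED",
                "stream": summary.get("StreamName", "<unknown>"),
                "encryption_type": actual,
            })
    return violations


def fetch_summaries(region):
    """Collect live summaries; needs boto3 and kinesis:ListStreams/DescribeStreamSummary."""
    import boto3  # imported lazily so the evaluation above runs offline
    client = boto3.client("kinesis", region_name=region)
    names = [n for page in client.get_paginator("list_streams").paginate()
             for n in page["StreamNames"]]
    return [client.describe_stream_summary(StreamName=n) for n in names]


if __name__ == "__main__":
    for v in evaluate(SAMPLE_SUMMARIES):
        print(f'{v["type"]}: {v["stream"]} (EncryptionType={v["encryption_type"]})')
```

To run it against an account instead of the sample data, pass `fetch_summaries("<region>")` to `evaluate`.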

Configuration

No additional configuration is required for this policy.