Ensure at-rest server-side encryption (SSE) is enabled for data stored in AWS Kinesis Server

HIGH

Description

AWS Kinesis Server without server-side encryption (SSE) leaves stored data unencrypted, which can impact the confidentiality of data at rest.

Remediation

In Terraform:

  1. In the aws_kinesis_firehose_delivery_stream resource, set the server_side_encryption.enabled field to true.
  2. If using a customer-managed key, set key_type to CUSTOMER_MANAGED_CMK and key_arn to the ARN of that key.
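
The two steps above as a Terraform configuration, showing a delivery stream that fails this rule next to one that passes it with a customer-managed key. This is an added example, not part of the original policy text; the resource labels, stream names and the two input variables are assumptions.

```hcl
# Assumed inputs: an existing IAM role Firehose can assume and a destination bucket.
variable "firehose_role_arn" { type = string }
variable "bucket_arn" { type = string }

# Non-compliant: with no server_side_encryption block, "enabled" defaults to
# false and the stream's data is not encrypted at rest.
resource "aws_kinesis_firehose_delivery_stream" "unencrypted" {
  name        = "example-unencrypted" # constructed name
  destination = "extended_s3"

  extended_s3_configuration {
    role_arn   = var.firehose_role_arn
    bucket_arn = var.bucket_arn
  }
}

# Customer-managed KMS key used for step 2.
resource "aws_kms_key" "firehose" {
  description         = "CMK for Firehose delivery stream SSE"
  enable_key_rotation = true
}

# Compliant: SSE is enabled (step 1) with a customer-managed key (step 2).
# Omitting key_type and key_arn would still satisfy step 1, using the
# provider default key_type of AWS_OWNED_CMK.
resource "aws_kinesis_firehose_delivery_stream" "encrypted" {
  name        = "example-encrypted" # constructed name
  destination = "extended_s3"

  # Provider docs note: do not enable this block when a Kinesis data stream
  # is configured as the source of the delivery stream.
  server_side_encryption {
    enabled  = true
    key_type = "CUSTOMER_MANAGED_CMK"
    key_arn  = aws_kms_key.firehose.arn
  }

  extended_s3_configuration {
    role_arn   = var.firehose_role_arn
    bucket_arn = var.bucket_arn
  }
}
```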

References:
https://docs.aws.amazon.com/firehose/latest/dev/encryption.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream#server_side_encryption

Policy Details

Rule Reference ID: AC_AWS_0155
CSP: AWS
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Kinesis

Frameworks