Ensure Amazon Kinesis streams are utilizing KMS CMK customer-managed keys instead of AWS managed-keys (i.e. default encryption keys created by Amazon for Kinesis service) in order to have more granular control over your data streams encryption/decryption process. Kinesis is an AWS streaming data service that provides you with the ability to build and manage your own streaming data applications for specialized needs. An AWS Kinesis stream is an ordered sequence of data records collected within a dedicated storage layer.
1. Navigate to the AWS KMS console, and select the region in which your Kinesis stream is located.
2. Select Customer Managed Keys in the navigation pane.
3. Then Create Key, and then follow the steps to create a key. Note the ARN for the key
4. Next, navigate to the Kinesis console, select your stream, and enter the ARN for the key in the KMS Key ID field.