Ensure all Firehose Delivery Streams Encryption


AWS Kinesis Firehose delivery streams should be encrypted using Server-Side Encryption (SSE) in order to protect your Kinesis data at rest. When Server-Side Encryption feature is enabled, Kinesis Firehose requests AWS S3 service to encrypt your data before saving it on disks and decrypt it when you download it.


1. Sign in to the AWS Management Console.

2. Go to the Kinesis dashboard.

3. In the navigation panel, under Amazon Kinesis, choose Data Firehose.

4. Choose the delivery stream that you want to reconfigure, then click on its name (link) to access the resource configuration.

5. Select the Details tab from the top panel and click the Edit button from the top-right menu to switch to edit mode.

6. Within Amazon S3 destination section, select Enabled next to S3 encryption to enable the SSE feature.

7. From KMS master key dropdown list, choose whether to use the AWS KMS default key (i.e. (Default) aws/s3) or an AWS KMS Customer Master Key (CMK).

8. Click Save to apply the configuration changes.







We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!