Posted On: Dec 17, 2020

You can now encrypt data in Amazon Kinesis Data Streams using server-side encryption. Data is encrypted using a customer master key managed by Amazon Key Management Service (KMS). Server-side encryption makes it easy to meet strict data regulatory requirements and enhances security by encrypting streaming data at rest within Amazon Kinesis Data Streams.

Amazon Kinesis Data Streams is a massively scalable and durable real-time data streaming service. It can continuously capture gigabytes of data per second from hundreds of thousands of sources like website clickstreams, IoT data, database event streams, financial transactions, social media feeds, IT logs, and location-tracking events. The data collected is available in milliseconds for real-time analytics use cases like dashboards, anomaly detection, dynamic pricing, and more.  

To get started, select a new or existing stream in the Kinesis console, select a KMS master key, and enable server-side encryption. Within a few seconds, Kinesis Data Streams encrypts all incoming data written to the stream. Server-side encryption uses the 256-bit Advanced Encryption Standard in GCM mode (AES-256-GCM) to encrypt each record and its partition key. You can use the Kinesis console or the Amazon CLI to get the encryption status of a stream. You can also audit the encryption history using Amazon CloudTrail.
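One way to review the encryption history mentioned above, as an added example (not AWS code): it replays CloudTrail records for the Kinesis `StartStreamEncryption` and `StopStreamEncryption` API calls and reports streams whose last successful change turned encryption off. The sample records, stream names, ARNs and the casing of the `requestParameters` keys are constructed assumptions.

```python
import json

# Constructed CloudTrail records (illustrative, not real logs). The lowerCamelCase
# requestParameters keys are an assumption about the record layout.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime":"2020-12-17T12:00:00Z","eventSource":"kinesis.amazonaws.com","eventName":"StopStreamEncryption",
  "userIdentity":{"arn":"arn:aws-cn:iam::111122223333:user/example-admin"},
  "requestParameters":{"streamName":"orders","encryptionType":"KMS","keyId":"alias/example-key"}},
 {"eventTime":"2020-12-17T10:00:00Z","eventSource":"kinesis.amazonaws.com","eventName":"StartStreamEncryption",
  "userIdentity":{"arn":"arn:aws-cn:iam::111122223333:user/example-deployer"},
  "requestParameters":{"streamName":"orders","encryptionType":"KMS","keyId":"alias/example-key"}},
 {"eventTime":"2020-12-17T11:00:00Z","eventSource":"kinesis.amazonaws.com","eventName":"StartStreamEncryption",
  "userIdentity":{"arn":"arn:aws-cn:iam::111122223333:user/example-deployer"},
  "requestParameters":{"streamName":"clicks","encryptionType":"KMS","keyId":"alias/example-key"}},
 {"eventTime":"2020-12-17T13:00:00Z","eventSource":"kinesis.amazonaws.com","eventName":"StopStreamEncryption",
  "errorCode":"AccessDenied","userIdentity":{"arn":"arn:aws-cn:iam::111122223333:user/example-intern"},
  "requestParameters":{"streamName":"clicks","encryptionType":"KMS","keyId":"alias/example-key"}},
 {"eventTime":"2020-12-17T13:05:00Z","eventSource":"kinesis.amazonaws.com","eventName":"DescribeStreamSummary",
  "userIdentity":{"arn":"arn:aws-cn:iam::111122223333:user/example-admin"},
  "requestParameters":{"streamName":"clicks"}}
]""")

# API calls that change a stream's encryption state, mapped to the resulting state.
TOGGLES = {"StartStreamEncryption": True, "StopStreamEncryption": False}

def encryption_history(events):
    """Replay encryption changes in time order; return per-stream state and timeline."""
    history = {}
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventSource") != "kinesis.amazonaws.com" or ev.get("eventName") not in TOGGLES:
            continue
        if "errorCode" in ev:  # denied or failed calls did not change anything
            continue
        params = ev.get("requestParameters") or {}
        stream = params.get("streamName")
        if not stream:
            continue
        enabled = TOGGLES[ev["eventName"]]
        entry = history.setdefault(stream, {"timeline": []})
        entry["encrypted"] = enabled
        entry["key_id"] = params.get("keyId") if enabled else None
        actor = (ev.get("userIdentity") or {}).get("arn")
        entry["timeline"].append((ev["eventTime"], ev["eventName"], actor))
    return history

def streams_left_unencrypted(history):
    """Streams whose most recent successful change disabled encryption."""
    return sorted(s for s, h in history.items() if not h["encrypted"])
```

The result covers only streams with a recorded encryption change in the supplied events; a stream that was never encrypted does not appear and should be checked through its current encryption status instead.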

Server-side encryption is free with Amazon Kinesis Data Streams; however, standard Amazon KMS key and usage costs apply. For more information, refer to Server-side encryption in the Amazon Kinesis Data Streams Developer Guide.

Server-side encryption is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.