test-stream2
Region: us-east-1
Overview
Critical
0High
0Medium
2Low
0Informational
0Security issues (2)
Severity | Non-Compliance | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|
Medium | — | Server-side encryption (SSE) for source records uses default AWS-owned CMK, not a recommended KMS customer-managed key. | When a new Firehose delivery stream is created, make sure the server-side encryption is enabled with a KMS customer-managed key. | More info | |
Medium | — | S3 server-side encryption for the Firehose delivery stream uses an encryption key "6f8e9a68-8d11-4e6e-89fa-db920b230a5f", which is not a recommended KMS customer-managed key, but an AWS default key "aws/s3". | When a new Firehose delivery stream is created, make sure S3 encryption is enabled with a KMS customer-managed key. | More info |