AWS Kinesis

Overview

| Severity | Count |
| --- | --- |
| Critical | 1 |
| High | 0 |
| Medium | 3 |
| Low | 1 |
| Informational | 0 |

Security issues (5)

| Severity | Non-Compliance | Region | Resource | Issue | Remediation |
| --- | --- | --- | --- | --- | --- |
| Medium | | us-east-1 | my-delivery-stream | Server-side encryption (SSE) for source records uses default AWS-owned CMK, not a recommended KMS customer-managed key. | When a new Firehose delivery stream is created, make sure the server-side encryption is enabled with a KMS customer-managed key. |
| Critical | PCI DSS 3.5, HIPAA (Encryption) | us-east-1 | stream3 | S3 server-side encryption for the Firehose delivery stream is disabled. | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure the data delivered in S3 bucket is encrypted with a KMS customer-managed key. |
| Medium | | us-east-1 | test-stream2 | Server-side encryption (SSE) for source records uses default AWS-owned CMK, not a recommended KMS customer-managed key. | When a new Firehose delivery stream is created, make sure the server-side encryption is enabled with a KMS customer-managed key. |
| Medium | | us-east-1 | test-stream2 | S3 server-side encryption for the Firehose delivery stream uses an encryption key "6f8e9a68-8d11-4e6e-89fa-db920b230a5f", which is not a recommended KMS customer-managed key, but an AWS default key "aws/s3". | When a new Firehose delivery stream is created, make sure S3 encryption is enabled with a KMS customer-managed key. |
| Low | | us-east-1 | my-stream | Kinesis data stream uses default CMK (aws/kinesis) that is created, managed, and used on your behalf by Kinesis Data Streams. | To have full control over the CMK, consider using a Customer managed CMK for server-side encryption - a key that is stored in your account and is created, owned, and managed by you. |

Kinesis data streams (1)

| Region | Data stream name | Status | Creation time | Open shards | Data retention period | Encryption | Security issues |
| --- | --- | --- | --- | --- | --- | --- | --- |
| us-east-1 | my-stream | Active | | 1 | 24 hours | Enabled | 1 Low |

Firehose delivery streams (3)

| Region | Name | Status | Creation time | Source | Destination | Security issues |
| --- | --- | --- | --- | --- | --- | --- |
| us-east-1 | my-delivery-stream | Active | | Direct PUT | S3 bucket | 1 Medium |
| us-east-1 | stream3 | Active | | Direct PUT | S3 bucket | 1 Critical |
| us-east-1 | test-stream2 | Active | | Direct PUT | S3 bucket | 2 Medium |