AWS Kinesis
Overview
Critical: 1
High: 0
Medium: 3
Low: 1
Informational: 0
Security issues (5)
Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|---|
Medium | — | us-east-1 | my-delivery-stream | Server-side encryption (SSE) for source records uses default AWS-owned CMK, not a recommended KMS customer-managed key. | When a new Firehose delivery stream is created, make sure the server-side encryption is enabled with a KMS customer-managed key. | More info | |
Critical | PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | stream3 | S3 server-side encryption for the Firehose delivery stream is disabled. | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure the data delivered in S3 bucket is encrypted with a KMS customer-managed key. | More info | |
Medium | — | us-east-1 | test-stream2 | Server-side encryption (SSE) for source records uses default AWS-owned CMK, not a recommended KMS customer-managed key. | When a new Firehose delivery stream is created, make sure the server-side encryption is enabled with a KMS customer-managed key. | More info | |
Medium | — | us-east-1 | test-stream2 | S3 server-side encryption for the Firehose delivery stream uses an encryption key "6f8e9a68-8d11-4e6e-89fa-db920b230a5f", which is not a recommended KMS customer-managed key, but an AWS default key "aws/s3". | When a new Firehose delivery stream is created, make sure S3 encryption is enabled with a KMS customer-managed key. | More info | |
Low | — | us-east-1 | my-stream | Kinesis data stream uses default CMK (aws/kinesis) that is created, managed, and used on your behalf by Kinesis Data Streams. | To have full control over the CMK, consider using a Customer managed CMK for server-side encryption - a key that is stored in your account and is created, owned, and managed by you. | More info | |
Kinesis data streams (1)
Region | Data stream name | Status | Creation time | Open shards | Data retention period | Encryption | Security issues |
---|---|---|---|---|---|---|---|
us-east-1 | my-stream | Active | | 1 | 24 hours | Enabled | 1 Low (details) |