kinesis-stream-encrypted - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Checks if Amazon Kinesis streams are encrypted at rest with server-side encryption. The rule is NON_COMPLIANT for a Kinesis stream if 'StreamEncryption' is not present.

Context: Server-side encryption is a feature in Amazon Kinesis Data Streams that automatically encrypts data before it's at rest by using an Amazon KMS Key. Data is encrypted before it's written to the Kinesis stream storage layer, and decrypted after it's retrieved from storage. As a result, your data is encrypted at rest within the Kinesis Data Streams service. This can help you to meet regulatory requirements and enhance the security of your data. For more information, Data Protection in Amazon Kinesis Data Streams.


Resource Types: AWS::Kinesis::Stream

Trigger type: Configuration changes

Amazon Web Services Region: All supported Amazon regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region



Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.