Menu
Are Kinesis messages encrypted when they are stored on AWS?
What mechanism is used to persistently store the messages?
630
Are Kinesis messages encrypted when they are stored on AWS?
Encryption mechanisms of a created Amazon Kinesis stream application follows the same principles as for any other application you create on AWS. So here are the questions you need to ask yourself:
In this case, you are responsible for the encrryption/decryption process as well as the management, and use of keys of which AWS has no access.
In this case, your cryptographic keys are stored in the AWS environment but are not ccessible to AWS' employees. You will need to use AWS CloudHSM.
In this scenario, AWS manages everything automatically on your behalf: meaning that yes, Kinesis messages are encrypted when stored on AWS.
To avoid troubles, you may use the third option: let AWS do it on your behalf. This corresponds to the third listed case above. For this purpose, the simplest and easiest way for you is to use Amazon Kinesis Firehose which can batch, compress, and encrypt the data before loading it, minimizing the amount of storage used at the destination and increasing security.
What mechanism is used to persistently store the messages?
The data retention period is configurable in hourly increments from 24 (the default retention period) to 168 hours (7 days), and requestable via the Streams Limits form (Amazon Kinesis Streams Limits). Nevertheless, you can persist data to Amazon S3 from Amazon Kinesis Streams using AWS Lambda and Amazon Kinesis Firehose. You can find here a step by step practical example: Persist Streaming Data to Amazon S3 using Amazon Kinesis Firehose and AWS Lambda
114
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
