Control: Kinesis streams should have server side encryption enabled
Description
Enable server side encryption (SSE) of your AWS Kinesis Server data at rest, in order to protect your data and metadata from breaches or unauthorized access, and fulfill compliance requirements for data-at-rest encryption within your organization.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.kinesis_stream_server_side_encryption_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.kinesis_stream_server_side_encryption_enabled --shareSQL
This control uses a named query:
select stream_arn as resource, case when encryption_type = 'KMS' then 'ok' else 'alarm' end as status, case when encryption_type = 'KMS' then title || ' server side encryption enabled.' else title || ' server side encryption disabled.' end as reason , region, account_idfrom aws_kinesis_stream;