New: Server-Side Encryption for Amazon Kinesis Streams
In this age of smart homes, big data, IoT devices, mobile phones, social networks, chatbots, and game consoles, streaming data scenarios are everywhere. Amazon Kinesis Streams enables you to build custom applications that can capture, process, analyze, and store terabytes of data per hour from thousands of streaming data sources. Since
Kinesis Streams enables several streaming use cases for consumers, and now we are making the service more effective for securing your data in motion by adding server-side encryption (SSE) support for Kinesis Streams. With this new Kinesis Streams feature, you can now enhance the security of your data and/or meet any regulatory and compliance requirements for any of your organization’s data streaming needs.
In fact,
Now, are you ready to get into the keys? Get it, instead of get into the weeds. Okay, a little corny, but it was the best I could do. Coming back to SSE for Kinesis Streams, let me explain the flow of server-side encryption with Kinesis. Each data record and partition key put into a Kinesis stream using the PutRecord or PutRecords API is encrypted using an AWS Key Management Service (KMS) master key. With the AWS Key Management Service (KMS) master key, Kinesis Streams uses the 256-bit Advanced Encryption Standard (AES-256 GCM algorithm) to add encryption to the incoming data.
In order to enable server-side encryption with Kinesis Streams for new or existing streams, you can use the Kinesis management console or leverage one of the available AWS SDKs. Additionally, you can audit the history of your stream encryption, validate the encryption status of a certain stream in the Kinesis Streams console, or check that the PutRecord or GetRecord transactions are encrypted using the AWS CloudTrail service.
Walkthrough: Kinesis Streams Server-Side Encryption
Let’s do a quick walkthrough of server-side encryption with Kinesis Streams. First, I’ll go to the Amazon Kinesis console and select the Streams console option.
Once in the Kinesis Streams console, I can add server-side encryption to one of my existing Kinesis streams or opt to create a new Kinesis stream. For this walkthrough, I’ll quickly create a new Kinesis stream, so I’ll select the Create Kinesis stream button.
I’ll name my stream, KinesisSSE-stream, and allocate one shard for my stream. Remember that the data capacity of your stream is calculated based upon the number of shards specified for the stream. You can use the Estimate the number of shards you’ll need dropdown within the console or read more calculations to estimate the number of shards in a stream here. To complete the creation of my stream, now I click the Create Kinesis stream button.
With my KinesisSSE-stream created, I will select it in the dashboard and choose the Actions dropdown and select the Details option.
On the Details page of the KinesisSSE-stream, there is now a Server-side encryption section. In this section, I will select the Edit button.
Now I can enable server-side encryption for my stream with an AWS KMS master key, by selecting the Enabled radio button. Once selected I can choose which AWS KMS master key to use for the encryption of data in KinesisSSE-stream. I can either select the KMS master key generated by the Kinesis service, (Default) aws/kinesis, or select one of my own KMS master keys that I have previously generated. I’ll select the default master key and all that is left is for me to click the Save button.
That’s it! As you can see from my screenshots below, after only about 20 seconds, server-side encryption was added to my Kinesis stream and now any incoming data into my stream will be encrypted. One thing to note is server-side encryption only encrypts incoming data after encryption has been enabled. Preexisting data that is in a Kinesis stream prior to server-side encryption being enabled will remain unencrypted.
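The same steps through the SDK, plus a check for the caveat above, as an added example that is not code from the original post. It assumes a boto3 Kinesis client is passed in as `client` and the default 24-hour retention period; the sample records and their timestamps are constructed. It goes one step beyond the walkthrough by using the per-record `EncryptionType` returned by GetRecords to find data written before SSE was enabled and the time by which that data has expired from the stream.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_KEY = "alias/aws/kinesis"  # the "(Default) aws/kinesis" key in the console


def enable_sse(client, stream_name, key_id=DEFAULT_KEY):
    """SDK equivalent of the console's Enabled + Save; client is a boto3 Kinesis client."""
    client.start_stream_encryption(
        StreamName=stream_name, EncryptionType="KMS", KeyId=key_id)


def sse_status(client, stream_name):
    """Return (StreamStatus, EncryptionType, KeyId) as reported for the stream."""
    d = client.describe_stream_summary(StreamName=stream_name)["StreamDescriptionSummary"]
    return d["StreamStatus"], d.get("EncryptionType", "NONE"), d.get("KeyId")


def plaintext_window(records, retention_hours=24):
    """Sequence numbers of records stored without SSE, and when the last one expires.

    Every record returned by GetRecords carries its own EncryptionType, so data
    written before encryption was enabled still reports NONE.
    """
    plain = [r for r in records if r.get("EncryptionType", "NONE") != "KMS"]
    if not plain:
        return [], None
    newest = max(r["ApproximateArrivalTimestamp"] for r in plain)
    return [r["SequenceNumber"] for r in plain], newest + timedelta(hours=retention_hours)


# Constructed sample: GetRecords output spanning the moment SSE was switched on.
T0 = datetime(2017, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"SequenceNumber": "1001", "EncryptionType": "NONE",
     "ApproximateArrivalTimestamp": T0},
    {"SequenceNumber": "1002", "EncryptionType": "NONE",
     "ApproximateArrivalTimestamp": T0 + timedelta(minutes=5)},
    {"SequenceNumber": "1003", "EncryptionType": "KMS",
     "ApproximateArrivalTimestamp": T0 + timedelta(minutes=9)},
]

if __name__ == "__main__":
    seqs, clear_at = plaintext_window(SAMPLE_RECORDS)
    print(f"unencrypted records {seqs} remain readable until {clear_at.isoformat()}")
```

If the stream's retention period has been extended beyond the default, pass the stream's `RetentionPeriodHours` value as `retention_hours`.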
Summary
Kinesis Streams with server-side encryption using AWS KMS keys makes it easy for you to automatically encrypt the streaming data coming into your stream. You can start, stop, or update server-side encryption for any Kinesis stream using the AWS management console or the AWS SDK. To learn more about Kinesis server-side encryption, AWS Key Management Service, or Kinesis Streams, review the Amazon Kinesis getting started guide, the AWS Key Management Service developer guide, or the Amazon Kinesis product page.
Enjoy streaming.
– Tara