Ensure AWS Kinesis Firehose's delivery stream is encrypted

Error: Ensure AWS Kinesis Firehose's delivery stream is encrypted

Bridgecrew Policy ID: BC_AWS_GENERAL_154
Checkov Check ID: CKV_AWS_240
Severity: LOW

Ensure AWS Kinesis Firehose's delivery stream is encrypted

Description

As a best practice enable encryption for your AWS Kinesis Firehose's delivery stream to improve data security without making changes to your business or applications.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_kinesis_firehose_delivery_stream" "pass" {
  name        = "terraform-kinesis-firehose-test-stream"
  destination = "s3"

  s3_configuration {
    role_arn   = aws_iam_role.firehose_role.arn
    bucket_arn = aws_s3_bucket.bucket.arn
  }

  server_side_encryption {
    enabled = true #default is false
  }
  tags = {
    test = "failed"
  }
}

Updated 12 months ago