Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Enabling SSE for Kinesis Firehose

0

We have Kinesis Firehose as a target for EventBridge (source Direct put) with S3 bucket as the destination. We did not have SSE enabled for Firehose. We would like to enable it. The destination S3 bucket has encryption enabled (Amazon S3-managed keys (SSE-S3)). Do we just need to allow encrypt/decrypt permissions for the CMK in firehose role only? Or will Event Bridge and S3 need encrypt/decrypt permissions for the CMK?

How does encryption work in this scenario?

Any impact to existing objects in S3? If archive is enabled for event bridge, any impact to replay older events?

Themen
Analysen
Tags
Amazon Data FirehoseVerschlüsselung
Sprache
English
AWS-User-6254789
gefragt vor 2 Jahren668 Aufrufe
1 Antwort
0

Firehose SSE / CMK encryption should not affect encryption to S3 SSE. SSE = Server Side Encryption (Not TLS or encryption in transit). Meaning that the records on the Kinesis / Firehose stream are encrypted and it is localized to the service (Firehose and S3).

I have performed the below test in my environment:

Firehose (Not encrypted) to S3 (SSE-S3)

Then enabled SSE or CMK on Firehose. There was no effect and Delivery was successful

AWS
Varun_S
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt