A company is planning on using AWS Kinesis for streaming data from various sources. One of the key requirements is to ensure that data is encrypted at rest in AWS Kinesis? How would you accomplish this?

Answer options:

A.Use client-side encryption for the data at the consumer side
B.Use client-side encryption for the data at the Producer side
C.Create an MD5 hash for the partition key and send it along with the stream
D.Use VPC Endpoints

Answer – B
From the options given above, the only logical option is to ensure the data is encrypted by the Producer before it reaches the Kinesis Stream endpoint.
Option A is incorrect since here the data would remain unencrypted in the stream
Option C is incorrect since this can be used for encryption
Option D is incorrect since this is used to securely access the Kinesis stream from an EC2 Instance in a private subnet
For more information on using AWS KMS to encrypt data on the client side, please refer to the below URL
https://aws.amazon.com/blogs/big-data/encrypt-and-decrypt-amazon-kinesis-records-using-aws-kms/