You are planning to use AWS Kinesis streams for an application being developed for a company. The company policy mandates that all data is encrypted at rest. How can you accomplish this in the easiest way possible for Kinesis streams?

Answer options:

A.Use the SDK for Kinesis to encrypt the data before being stored at rest.
B.Enable server-side encryption for Kinesis streams.
C.Enable client-side encryption for Kinesis streams.
D.Use the AWS CLI to encrypt the data.

Answer – B
The easiest way is to use the in-built server-side encryption that is available with Kinesis streams.
The AWS Documentation mentions the following.
Server-side encryption is a feature in Amazon Kinesis Data Streams that automatically encrypts data before it`s at rest by using an AWS KMS customer master key (CMK) you specify. Data is encrypted before it`s written to the Kinesis stream storage layer and decrypted after it’s retrieved from storage. As a result, your data is encrypted at rest within the Kinesis Data Streams service. This allows you to meet strict regulatory requirements and enhance the security of your data.
Options A and C are invalid since this would involve too much effort for encrypting and decrypting to the streams.
Option D is invalid since this is the same as encrypting the data before it reaches the stream.
For more information on server-side encryption with streams, please refer to the below URL-
https://docs.aws.amazon.com/streams/latest/dev/what-is-sse.html