You are planning to use AWS Kinesis streams for an application being developed for a company. The company policy mandates that all data is encrypted at rest. How can you accomplish this in the easiest way possible for Kinesis streams?
The easiest way is to use the in-built server-side encryption that is available with Kinesis streams.
The AWS Documentation mentions the following.
Server-side encryption is a feature in Amazon Kinesis Data Streams that automatically encrypts data before it's at rest by using an AWS KMS customer master key (CMK) you specify.
Data is encrypted before it's written to the Kinesis stream storage layer and decrypted after it's retrieved from storage.
As a result, your data is encrypted at rest within the Kinesis Data Streams service.
This allows you to meet strict regulatory requirements and enhance the security of your data.
Options A and C are invalid since this would involve too much effort for encrypting and decrypting to the streams.
Option D is invalid since this is the same as encrypting the data before it reaches the stream.
