Feed: Recent Announcements.
When you ingest records to encrypted delivery streams, Amazon Kinesis Data Firehose immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and a customer master key (CMK) issued by AWS KMS. Kinesis Data Firehose now works with both customer-provided CMKs and AWS-provided CMKs. The records are stored in encrypted form in multiple availability zones (AZs), and decrypted only as they are delivered to destinations like Amazon S3, Amazon Elasticsearch Service, Amazon Redshift and Splunk. To learn more, visit Security in Amazon Kinesis Data Firehose.
This capability is now available in all AWS Regions where Amazon Kinesis Data Firehose is available. There are no additional Kinesis Data Firehose charges for using this capability. You are only charged for AWS KMS usage. For pricing details, visit AWS KMS pricing.