Triage and Remediation
Remediation
Using Console
To remediate this misconfiguration by enabling Firehose Delivery Stream Server-Side Encryption for AWS DynamoDB using the AWS Management Console, follow these step-by-step instructions:
- Sign in to the AWS Management Console:
  - Go to the AWS Management Console (https://aws.amazon.com/console/) and sign in to your AWS account.
- Navigate to Amazon Kinesis Data Firehose:
  - In the AWS Management Console, search for “Kinesis” in the search bar at the top and select “Kinesis” under the Analytics section.
- Select the Firehose Delivery Stream:
  - Click on the “Delivery Streams” option on the left sidebar to view a list of your existing Firehose delivery streams.
  - Select the Firehose delivery stream that is connected to your DynamoDB table and requires server-side encryption.
- Enable Server-Side Encryption:
  - In the selected Firehose delivery stream details page, click on the “Edit” button to modify the settings.
  - Scroll down to the “Server-side encryption” section and select the option for “Enable server-side encryption.”
  - Choose the appropriate KMS key from the dropdown menu or create a new KMS key if necessary.
- Save Changes:
  - After enabling server-side encryption and selecting the KMS key, click on the “Save” button to apply the changes to the Firehose delivery stream.
- Verify Encryption Configuration:
  - Once the changes are saved, verify that server-side encryption is enabled for the Firehose delivery stream by checking the settings in the details page.
Using CLI
To enable server-side encryption for an AWS Kinesis Data Firehose Delivery Stream using AWS CLI, follow these steps:
- Open the AWS CLI and run the following command to enable server-side encryption for the Firehose Delivery Stream:
  Make sure to replace YOUR_DELIVERY_STREAM_NAME with the actual name of your Firehose Delivery Stream.
- Once the command is executed successfully, the server-side encryption will be enabled for the specified Firehose Delivery Stream using the AWS-owned Customer Master Key (CMK).
- You can verify the changes by describing the delivery stream using the following command:
  Look for the EncryptionConfiguration section in the output to confirm that server-side encryption is enabled.
By following these steps, you can remediate the misconfiguration and enable server-side encryption for an AWS Kinesis Data Firehose Delivery Stream using AWS CLI.
Using Python
To remediate this misconfiguration by enabling Firehose Delivery Stream Server-Side Encryption for AWS DynamoDB using Python, follow these steps:
- Import the necessary libraries:
- Initialize the AWS DynamoDB client:
- Get the list of all the existing DynamoDB tables:
- Iterate through each table and enable server-side encryption for the desired table:
- Run the Python script to enable server-side encryption for all the DynamoDB tables.
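The Firehose-side operation from the CLI steps above, as an added Python example (not code from the original page): it lists delivery streams, reads each one's encryption status, and requests encryption with an AWS-owned key only where the API allows it. `stream_names`, `remediate`, `FakeFirehose` and the sample streams are constructed for illustration; the three client methods mirror the boto3 Firehose calls of the same names.

```python
def stream_names(client):
    """Yield every delivery stream name, following list_delivery_streams paging."""
    kwargs = {}
    while True:
        page = client.list_delivery_streams(**kwargs)
        names = page["DeliveryStreamNames"]
        yield from names
        if not names or not page["HasMoreDeliveryStreams"]:
            return
        kwargs["ExclusiveStartDeliveryStreamName"] = names[-1]

def remediate(client, dry_run=True):
    """Return {stream name: action}; the API is changed only when dry_run is False."""
    report = {}
    for name in stream_names(client):
        desc = client.describe_delivery_stream(DeliveryStreamName=name)["DeliveryStreamDescription"]
        status = desc.get("DeliveryStreamEncryptionConfiguration", {}).get("Status", "DISABLED")
        if status not in ("DISABLED", "ENABLING_FAILED"):
            report[name] = "no-action:" + status  # encrypted or mid-transition
        elif desc["DeliveryStreamType"] != "DirectPut":
            # Only DirectPut streams accept this call; otherwise encrypt the source stream.
            report[name] = "encrypt-source"
        elif dry_run:
            report[name] = "would-enable"
        else:
            client.start_delivery_stream_encryption(DeliveryStreamName=name,
                DeliveryStreamEncryptionConfigurationInput={"KeyType": "AWS_OWNED_CMK"})
            report[name] = "enable-requested"
    return report

class FakeFirehose:
    """Constructed offline stand-in for boto3.client("firehose"); pages two names at a time."""
    def __init__(self, streams):
        self.streams, self.started = streams, []
    def list_delivery_streams(self, ExclusiveStartDeliveryStreamName=""):
        rest = [n for n in sorted(self.streams) if n > ExclusiveStartDeliveryStreamName]
        return {"DeliveryStreamNames": rest[:2], "HasMoreDeliveryStreams": len(rest) > 2}
    def describe_delivery_stream(self, DeliveryStreamName):
        return {"DeliveryStreamDescription": self.streams[DeliveryStreamName]}
    def start_delivery_stream_encryption(self, DeliveryStreamName, DeliveryStreamEncryptionConfigurationInput):
        self.started.append((DeliveryStreamName, DeliveryStreamEncryptionConfigurationInput["KeyType"]))

SAMPLE = {  # constructed stream descriptions, not real resources
    "app-events": {"DeliveryStreamType": "DirectPut"},
    "audit-logs": {"DeliveryStreamType": "DirectPut", "DeliveryStreamEncryptionConfiguration": {"Status": "ENABLED"}},
    "clickstream": {"DeliveryStreamType": "KinesisStreamAsSource"},
}
if __name__ == "__main__":
    print(remediate(FakeFirehose(SAMPLE)))  # real use: remediate(boto3.client("firehose"), dry_run=False)
```

Run it with `dry_run=True` first and review the report before letting it change any stream.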