1

I am building an architecture in which real-time data will be ingested into Kinesis Firehose using the Kinesis Agent. My data source is on-premise, so it requires that the data be encrypted in transit. Which protocol is used while data is moved using the agent to Firehose? Any idea on how to move data securely? Any help is greatly appreciated.

Sains

1 Answer

1

Both Kinesis Streams and Firehose AWS endpoints use only HTTPS as explained here and here. Thus, when injecting your records into the Stream or Firehose, you must use HTTPS, which provides encryption in transit. If this is not enough, you could establish a VPN connection between on-premises and your VPC, or even use a fully dedicated connection by means of Direct Connect.

For server side encryption in Firehose, you can refer to the following:

Marcin
  • Thanks for the response. So does it mean the following: the HTTPS protocol is used while writing data into Kinesis Firehose using the Kinesis Agent? I'm using the below endpoint in the `agent.json` file of the Kinesis Agent: `firehose.ap-southeast-2.amazonaws.com` – Sains Jul 13 '20 at 02:01
  • @Sains Yes. As shown in the links in the answer, you can only use HTTPS. No plain-text connections (i.e. HTTP) are supported. For comparison, you can check [S3 endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html) which support both HTTP and HTTPS. – Marcin Jul 13 '20 at 02:05
  • @Sains No problem. Glad I could help. – Marcin Jul 13 '20 at 02:08
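
An added example, not part of the original thread and not AWS code: a Python check of the endpoint settings in `agent.json`, plus a probe that reports the TLS version negotiated with the endpoint. The hostname pattern and the sample configurations are constructed for illustration, and treating a bare hostname as HTTPS is an assumption based on the answer above.

```python
import json
import re
import socket
import ssl
from urllib.parse import urlsplit

# Endpoint keys read from agent.json (the thread sets the Firehose one).
ENDPOINT_KEYS = ("firehose.endpoint", "kinesis.endpoint")
# Assumed shape of a public regional endpoint host; illustrative, not exhaustive.
AWS_HOST = re.compile(
    r"^(firehose|kinesis)(-fips)?\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$")


def endpoint_host(value):
    """Return (scheme, host); scheme is None when only a hostname is given."""
    value = value.strip()
    if "://" in value:
        parts = urlsplit(value)
        return parts.scheme.lower(), (parts.hostname or "")
    return None, value.split("/")[0].split(":")[0].lower()


def audit_agent_config(text):
    """Return a list of findings for the endpoint settings in agent.json."""
    cfg = json.loads(text)
    findings = []
    for key in ENDPOINT_KEYS:
        if key not in cfg:
            continue
        scheme, host = endpoint_host(str(cfg[key]))
        if scheme not in (None, "https"):
            findings.append(f"{key}: scheme '{scheme}' is not HTTPS")
        if not AWS_HOST.match(host):
            findings.append(f"{key}: host '{host}' is not a regional AWS endpoint")
    return findings


def negotiated_tls(host, port=443, timeout=5.0):
    """Handshake with certificate and hostname checks; needs network access."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()  # e.g. the string "TLSv1.2" or "TLSv1.3"


# Constructed sample inputs.
GOOD = '{"firehose.endpoint": "firehose.ap-southeast-2.amazonaws.com", "flows": []}'
BAD = '{"firehose.endpoint": "http://firehose.ap-southeast-2.amazonaws.com"}'
PROXY = '{"firehose.endpoint": "https://proxy.internal.example:8443"}'
```

A host finding is not necessarily a fault (a VPC interface endpoint or a proxy would trigger it); it marks a path whose TLS termination should be reviewed separately.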