Certified Security - Specialty

Sign Up Free or Log In to participate!

Why does the Kinesis Firehose iam policy need KMS: Decrypt?

Hello all.

I was looking at the roles and policies created by AWS automatically for you for Kinesis Firehose and I saw it includes KMS: Decrypt. Firehose is used to ingest large amounts of data in S3. The data is not necessary encrypted from the producer so why is it necessary? Thank you!

1 Answers

Did you enable server-side data encryption? That might be the reason for seeing that.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?