A web application is using Amazon Kinesis Streams for clickstream data that may not be consumed for up to 12 hours.
How can the developer implement encryption at rest for data within the Kinesis Streams?
Enable SSL connections to Kinesis.
Use Amazon Kinesis Consumer Library.
Encrypt the data once it is at rest with a Lambda function.
Enable server-side encryption in Kinesis Streams.
Explanations:
Enabling SSL only secures data in transit between clients and Kinesis, not at rest.
The Amazon Kinesis Consumer Library (KCL) is used for consuming data from streams, not for encryption at rest.
Lambda functions can process and transform data, but encryption at rest must be managed directly by Kinesis.
Enabling server-side encryption (SSE) for Kinesis Streams automatically encrypts data at rest using AWS-managed keys or customer-managed keys.
I structure that the answer is:
Enable server-side encryption in Kinesis Streams.