All Apps and Add-ons

Splunk Add-on for AWS: Does this add-on support Server Side Encryption/ Decryption of Kinesis stream?

bhavesh91
New Member

Hi ,
We encrypted Kinesis stream : https://aws.amazon.com/blogs/aws/new-server-side-encryption-for-amazon-kinesis-streams/ using Server Sided Encryption. We then have the Splunk Addon for AWS with the IAM instance profile role which has the decrypt for the KMS but when we look at the logs to see if its flowing or not , we are not seeing any logs coming in - does Splunk Add-on for AWS supports the decryption of the encrypted Kinesis stream records?

0 Karma

mreynov_splunk
Splunk Employee
Splunk Employee

I believe it should, the key is to include "kms:Decrypt" in the permission policy:
http://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWSpermissions

sloshburch
Splunk Employee
Splunk Employee

Hmmm, it sounds like you did things right. Does it work when the Kinesis stream is not encrypted?

The only thing I see sounds like you already ready it: http://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWS#Configure_Kinesis

0 Karma

amiracle
Splunk Employee
Splunk Employee

According to our docs mentioned above:

Note: "The Kinesis data input only supports gzip compression or plaintext data. It cannot ingest data with other encodings, nor can it ingest data with a mix of gzip and plaintext in the same input. Create separate Kinesis inputs for gzip data and plaintext data."

So it looks like we do not have a way to read encrypted Kinesis streams with the current Add-on.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...