Kinesis stream should have adequate data retention
Description
This control checks whether an Amazon Kinesis data stream has a data retention period greater than or equal to the specified time frame. The control fails if the data retention period is less than the specified time frame. Unless you provide a custom parameter value for the data retention period, Security Hub uses a default value of 168 hours.

In Kinesis Data Streams, a data stream is an ordered sequence of data records meant to be written to and read from in real time. Data records are stored temporarily in shards in your stream. The time period from when a record is added to when it is no longer accessible is called the retention period. After you decrease the retention period, Kinesis Data Streams almost immediately makes records older than the new retention period inaccessible.
Remediation
To remediate Kinesis stream data retention, you need to increase the retention period to meet the minimum requirements.
Steps
- Navigate to the Amazon Kinesis console
- Select the Kinesis data stream
- Go to the 'Configuration' tab
- Click 'Edit' for data retention settings
- Increase the retention period to at least 168 hours (7 days)
- Save the configuration
- Verify the retention period is updated
- Monitor the stream for data retention compliance
- Consider setting up alerts for retention period changes
- Document the retention policy for audit purposes
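The check and the remediation step above can also be scripted. The following is an added example, not code from Security Hub or the Kinesis documentation: it evaluates the control's logic (retention period at least 168 hours by default) against DescribeStreamSummary-shaped responses and builds the parameters for the real `increase_stream_retention_period` API call. The stream names and retention values in `SAMPLE_SUMMARIES` are constructed for illustration; the 24-hour and 8760-hour bounds are the Kinesis service limits as the author understands them.

```python
"""Evaluate Kinesis stream retention against a minimum and build the remediation call.

Added example: the sample data is constructed and the helper names are this
example's own, not Security Hub's or the Kinesis SDK's.
"""

DEFAULT_MIN_RETENTION_HOURS = 168  # Security Hub default for this control (7 days)
KINESIS_MIN_HOURS = 24             # service-enforced lower bound (assumed from Kinesis limits)
KINESIS_MAX_HOURS = 8760           # service-enforced upper bound, 365 days (assumed)

# Constructed sample responses. The shape mirrors what
# kinesis.describe_stream_summary() returns; the values are made up.
SAMPLE_SUMMARIES = [
    {"StreamDescriptionSummary": {"StreamName": "orders-stream",
                                  "StreamStatus": "ACTIVE", "RetentionPeriodHours": 24}},
    {"StreamDescriptionSummary": {"StreamName": "audit-stream",
                                  "StreamStatus": "ACTIVE", "RetentionPeriodHours": 168}},
    {"StreamDescriptionSummary": {"StreamName": "metrics-stream",
                                  "StreamStatus": "ACTIVE", "RetentionPeriodHours": 720}},
]


def evaluate_retention(summary, min_hours=DEFAULT_MIN_RETENTION_HOURS):
    """Return a finding dict: PASSED when retention >= min_hours, else FAILED."""
    desc = summary["StreamDescriptionSummary"]
    hours = int(desc["RetentionPeriodHours"])
    return {
        "StreamName": desc["StreamName"],
        "RetentionPeriodHours": hours,
        "Status": "PASSED" if hours >= min_hours else "FAILED",
    }


def remediation_request(summary, min_hours=DEFAULT_MIN_RETENTION_HOURS):
    """Build kwargs for kinesis.increase_stream_retention_period(), or None if compliant.

    The target must sit inside the service bounds, otherwise the API call would be
    rejected; fail early rather than at the call site.
    """
    if not KINESIS_MIN_HOURS <= min_hours <= KINESIS_MAX_HOURS:
        raise ValueError(
            f"target retention {min_hours}h outside {KINESIS_MIN_HOURS}-{KINESIS_MAX_HOURS}h")
    finding = evaluate_retention(summary, min_hours)
    if finding["Status"] == "PASSED":
        return None
    return {"StreamName": finding["StreamName"], "RetentionPeriodHours": min_hours}


def audit(summaries, min_hours=DEFAULT_MIN_RETENTION_HOURS):
    """Evaluate every stream and return (findings, remediation requests for failures)."""
    findings = [evaluate_retention(s, min_hours) for s in summaries]
    requests = [r for r in (remediation_request(s, min_hours) for s in summaries) if r]
    return findings, requests


def apply_remediation(client, request):
    """Issue the retention increase through a boto3 Kinesis client (not run here).

    increase_stream_retention_period is the real Kinesis API for raising retention;
    the matching console step is 'Edit' under the stream's Configuration tab.
    """
    return client.increase_stream_retention_period(**request)


if __name__ == "__main__":
    findings, requests = audit(SAMPLE_SUMMARIES)
    for f in findings:
        print(f"{f['StreamName']:<16} {f['RetentionPeriodHours']:>5}h  {f['Status']}")
    for r in requests:
        print("would call increase_stream_retention_period with", r)
```

To run this against real streams, feed the output of `describe_stream_summary` for each stream returned by `list_streams` into `audit`, and pass each resulting request to `apply_remediation` with a boto3 Kinesis client. A non-default Security Hub parameter value is passed as `min_hours`; the same threshold is used both for the verdict and for the remediation target, so the stream lands exactly on the compliant value rather than somewhere above it.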