Hi ,
We encrypted Kinesis stream : https://aws.amazon.com/blogs/aws/new-server-side-encryption-for-amazon-kinesis-streams/ using Server Sided Encryption. We then have the Splunk Addon for AWS with the IAM instance profile role which has the decrypt for the KMS but when we look at the logs to see if its flowing or not , we are not seeing any logs coming in - does Splunk Add-on for AWS supports the decryption of the encrypted Kinesis stream records?
I believe it should, the key is to include "kms:Decrypt" in the permission policy:
http://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWSpermissions
Hmmm, it sounds like you did things right. Does it work when the Kinesis stream is not encrypted?
The only thing I see sounds like you already ready it: http://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWS#Configure_Kinesis
According to our docs mentioned above:
Note: "The Kinesis data input only supports gzip compression or plaintext data. It cannot ingest data with other encodings, nor can it ingest data with a mix of gzip and plaintext in the same input. Create separate Kinesis inputs for gzip data and plaintext data."
So it looks like we do not have a way to read encrypted Kinesis streams with the current Add-on.