Hello chris-4,
Thank you for reaching out!
You are correct, and I appreciate your attention to detail. Upon reviewing the current AWS documentation, Amazon Data Firehose does indeed encrypt all data in transit using TLS by default. This ensures that the data is securely transmitted between sources and destinations, including Amazon S3.
The review content stating that Data Firehose does not automatically encrypt data in transit was inaccurate. The correct setup, as described in the option you mentioned—using Amazon Kinesis Data Streams with Kinesis Client Library (KCL) consumers, storing records in an S3 bucket with SSE-KMS encryption, and performing analytics with Amazon Athena—is a valid and secure architecture that meets the requirement for data encryption both at rest and in transit.
We have now updated the question and reviewed the content to reflect this correction to the portal, and we thank you for pointing that out.
Feel free to reach out if you have any further questions or need clarification.
Best,
Irene @ Tutorials Dojo