The Kinesis Data Streams retention window is evaluated to confirm that records are kept for at least the configured minimum duration (default 168 hours).
Risk
Insufficient retention causes records to expire before consumers can read or reprocess them, undermining availability and analytics integrity. Consumer backlogs or outages can then create irreversible data gaps, hinder investigations and recovery, and turn induced consumer lag into a denial of service against event pipelines.
prowler aws --checks kinesis_stream_data_retention_period
Recommendation
Set the retention period to exceed worst-case consumer lag, replay needs, and compliance windows: at least 168 hours by default, raised as your policy requires. Enforce change control and least privilege on retention changes, monitor consumer lag, and maintain secondary durability (e.g., archival) for critical streams.
Remediation
aws kinesis increase-stream-retention-period --stream-name <example_resource_name> --retention-period-hours 168
- Sign in to the AWS Console and open Amazon Kinesis
- Go to Data streams and select <example_resource_name>
- Click Edit
- Set Retention period to 168 hours (or higher, per your policy)
- Click Save changes
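The check, the retention-sizing rule from the recommendation, and the remediation command above, worked through as an added example (not Prowler's own code). It operates on the dict shape returned by the AWS SDK's `describe_stream_summary` call (`StreamDescriptionSummary.RetentionPeriodHours`), so it runs offline on the constructed sample responses embedded below; the stream names, lag figures and API bounds of 24 to 8760 hours are assumptions for the example.

```python
"""Evaluate Kinesis stream retention against a minimum and plan remediation.

Added example, not Prowler's code. Input is the dict returned by
boto3's kinesis.describe_stream_summary(); the samples below are constructed.
"""
from dataclasses import dataclass

DEFAULT_MIN_RETENTION_HOURS = 168   # 7 days, the check's default minimum
KINESIS_MIN_HOURS = 24              # lowest value the API accepts (assumed)
KINESIS_MAX_HOURS = 8760            # 365 days, highest value the API accepts (assumed)

# Constructed sample responses in the describe_stream_summary shape.
SAMPLE_FAILING = {
    "StreamDescriptionSummary": {
        "StreamName": "example-orders-stream",      # hypothetical name
        "StreamStatus": "ACTIVE",
        "RetentionPeriodHours": 24,
    }
}
SAMPLE_PASSING = {
    "StreamDescriptionSummary": {
        "StreamName": "example-audit-stream",       # hypothetical name
        "StreamStatus": "ACTIVE",
        "RetentionPeriodHours": 336,
    }
}


@dataclass
class Finding:
    stream_name: str
    retention_hours: int
    status: str            # "PASS" or "FAIL", mirroring a Prowler finding
    status_extended: str


def evaluate_retention(summary: dict,
                       minimum_hours: int = DEFAULT_MIN_RETENTION_HOURS) -> Finding:
    """Core of the check: PASS when retention is at least the configured minimum."""
    desc = summary["StreamDescriptionSummary"]
    name = desc["StreamName"]
    hours = int(desc["RetentionPeriodHours"])
    if hours >= minimum_hours:
        return Finding(name, hours, "PASS",
                       f"Kinesis stream {name} retains records for {hours} hours "
                       f"(minimum {minimum_hours}).")
    return Finding(name, hours, "FAIL",
                   f"Kinesis stream {name} retains records for only {hours} hours "
                   f"(minimum {minimum_hours}).")


def required_retention_hours(minimum_hours: int, worst_case_lag_hours: int,
                             replay_window_hours: int, compliance_hours: int) -> int:
    """Recommendation rule: retention must cover every driver, clamped to API bounds."""
    needed = max(minimum_hours, worst_case_lag_hours, replay_window_hours, compliance_hours)
    return min(max(needed, KINESIS_MIN_HOURS), KINESIS_MAX_HOURS)


def retention_headroom_hours(retention_hours: int, iterator_age_ms: int) -> float:
    """Hours of margin between the oldest unread record and expiry.

    iterator_age_ms is the CloudWatch GetRecords.IteratorAgeMilliseconds value;
    a result near zero or negative means consumers are losing data to expiry.
    """
    return retention_hours - iterator_age_ms / 3_600_000.0


def remediation_command(finding: Finding, target_hours: int):
    """Build the AWS CLI remediation argv for a stream below target, else None.

    Only raising is handled here: lowering retention is a different API call
    (decrease-stream-retention-period) and is not a remediation for this check.
    """
    if target_hours <= finding.retention_hours:
        return None
    return ["aws", "kinesis", "increase-stream-retention-period",
            "--stream-name", finding.stream_name,
            "--retention-period-hours", str(target_hours)]


if __name__ == "__main__":
    target = required_retention_hours(DEFAULT_MIN_RETENTION_HOURS,
                                      worst_case_lag_hours=200,   # assumed
                                      replay_window_hours=72,     # assumed
                                      compliance_hours=24)        # assumed
    for sample in (SAMPLE_FAILING, SAMPLE_PASSING):
        finding = evaluate_retention(sample)
        print(finding.status, finding.status_extended)
        cmd = remediation_command(finding, target)
        if cmd:
            print("  remediate:", " ".join(cmd))
```

The sizing function deliberately takes the maximum of the four drivers rather than their sum: each is an independent lower bound on how long a record must survive. The headroom helper turns the consumer-lag metric into the same unit as retention, so an alert on it fires before records expire rather than after the gap is discovered.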
Resource Type
AwsKinesisStream