AWS Lambda announces support for encryption of filter criteria for event source mappings
AWS Lambda announces support for Amazon Key Management Service (KMS) Customer managed keys (CMK) for filter criteria used with event source mappings (ESMs) to filter records from a queue or stream before sending them to a Lambda function. This capability allows you to encrypt the data included under filter criteria using CMK, giving you fine-grained security control over the criteria used to filter your events.
Customers building modern event-driven applications on AWS Lambda use event filter criteria to control which records from a stream or queue Lambda sends to their function. If a record from the event source satisfies one or more of the specified event filters, Lambda includes the record in the next event it sends to the function. With today’s announcement, you can encrypt the filter criteria using a Customer managed key (CMK), which gives you the control to meet your organizational security and compliance goals.
This feature is generally available in all AWS Commercial Regions where AWS Lambda is available.
You can encrypt filter criteria with Customer managed key (CMK) when you create or update an event source mapping, using AWS Lambda event source mapping API, AWS Management Console, AWS Command Line Interface (AWS CLI), AWS SDK, AWS CloudFormation, and AWS Serverless Application Model (AWS SAM). To learn more, read Lambda documentation and KMS documentation.