How secure is Aamazon Kinesis endpoint? Does the Kinesis Producer Library (KPL) securely sends messages to Kinesis endpoint?

I am trying to build a Amazon Kinesis based streaming data ingestion from a on-prem data soruce. I can use the Kinesis Producer Library (KPL) to produce messages to Kinesis Data Stream. I wanted to know how secure is the data transfer/ingestion through KPL. Is it using a secure endpoint underneath or using any in-transit encryption? Kinesis Data Stream offers to encrypt data at rest. But in this case how about the data security while in transit before it gets written to Kinesis Shards?