Property
Language: hcl
Severity: low
CWE: CWE-320: CWE CATEGORY: Key Management Errors
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Kinesis stream resource is not configured to use a customer-managed KMS key (CMK) for encryption at rest. Without specifying a CMK, you lose control over the keys used to protect your data.

Impact

If the stream data is not encrypted with a customer-managed key, sensitive information stored in Kinesis could be exposed if AWS-managed keys are compromised or misused. This increases the risk of unauthorized access and reduces your ability to manage key rotation and access policies, potentially leading to data breaches or regulatory non-compliance.
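
An added example, not taken from the rule's own documentation: two Terraform streams that lack a customer-managed key, beside a stream encrypted with a CMK that has rotation enabled. All resource names, stream names and sizing values are constructed for illustration.

```hcl
# Constructed example; every name below is a placeholder.

# Weak: no encryption_type or kms_key_id, so no customer-managed key
# protects the stream.
resource "aws_kinesis_stream" "events_unencrypted" {
  name        = "example-events-unencrypted"
  shard_count = 1
}

# Weak: encrypted at rest, but with the AWS-managed key for Kinesis.
# Its key policy and rotation are not under your control.
resource "aws_kinesis_stream" "events_aws_managed" {
  name            = "example-events-aws-managed"
  shard_count     = 1
  encryption_type = "KMS"
  kms_key_id      = "alias/aws/kinesis"
}

# Corrected: a customer-managed key whose rotation and key policy
# are managed in your own account.
resource "aws_kms_key" "kinesis" {
  description             = "CMK for Kinesis stream encryption at rest"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# Alias so the key can be referenced by a stable name.
resource "aws_kms_alias" "kinesis" {
  name          = "alias/example-kinesis"
  target_key_id = aws_kms_key.kinesis.key_id
}

# The stream references the CMK explicitly.
resource "aws_kinesis_stream" "events" {
  name            = "example-events"
  shard_count     = 1
  encryption_type = "KMS"
  kms_key_id      = aws_kms_key.kinesis.key_id
}
```

With a customer-managed key, producers need `kms:GenerateDataKey` and consumers need `kms:Decrypt` on that key, so grant those permissions before switching an existing stream over.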