Key Management Errors
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The EBS volume is encrypted, but it does not specify a customer-managed KMS key (CMK) for encryption. Relying on the default AWS-managed key limits your control over key rotation and access policies.
Impact
Without a customer-managed KMS key, you cannot enforce strict access controls or manage key rotation, increasing the risk that sensitive data could be accessed by unauthorized users or remain vulnerable if the default key is compromised.
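The flagged pattern next to a corrected one, as an added example that is not taken from the rule's own test cases. The page does not name a language, so Terraform with the AWS provider is assumed; the resource names, alias, size and availability zone are hypothetical.

```hcl
# Added example: assumes Terraform with the AWS provider.
# Resource names, alias, size and availability zone are hypothetical.

# Flagged: encrypted, but no kms_key_id is set, so the volume falls back to
# the account's default EBS encryption key (the AWS-managed aws/ebs key
# unless the account default has been changed).
resource "aws_ebs_volume" "flagged" {
  availability_zone = "us-east-1a"
  size              = 50
  encrypted         = true
}

# Customer-managed key: rotation and the key policy are under your control.
resource "aws_kms_key" "ebs" {
  description             = "CMK for EBS volume encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_kms_alias" "ebs" {
  name          = "alias/ebs-data"
  target_key_id = aws_kms_key.ebs.key_id
}

# Corrected: the volume names the customer-managed key explicitly.
resource "aws_ebs_volume" "corrected" {
  availability_zone = "us-east-1a"
  size              = 50
  encrypted         = true
  kms_key_id        = aws_kms_key.ebs.arn
}
```

With no `policy` argument on the key, AWS applies the default key policy, which delegates access decisions to IAM in the owning account; add an explicit key policy to restrict which principals may use the key.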