Key Management Errors
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The EBS snapshot is encrypted, but a specific AWS KMS Customer Master Key (CMK) is not set. Without specifying a CMK, you lose control over key management, access policies, and key rotation.
Impact
If a CMK is not specified, AWS manages the encryption keys, which reduces your ability to enforce strict access control or respond to a key compromise. This could expose sensitive data if unauthorized users gain access to the snapshot, and may also hinder compliance with regulatory requirements.
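
The following is an added example, not part of the original rule page, of checking for this finding on snapshots that already exist. It assumes input shaped like the EC2 DescribeSnapshots response (`SnapshotId`, `Encrypted`, `KmsKeyId`) and KMS DescribeKey metadata (`KeyManager`); the function names and every ID and ARN in the sample data are constructed.

```python
"""Classify EBS snapshots by who manages the KMS key that encrypts them."""

# Constructed sample data: account ID, key IDs and snapshot IDs are placeholders.
_ARN = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE_SNAPSHOTS = [  # shape of EC2 DescribeSnapshots["Snapshots"]
    {"SnapshotId": "snap-0aaa", "Encrypted": True, "KmsKeyId": _ARN + "1111-default"},
    {"SnapshotId": "snap-0bbb", "Encrypted": True, "KmsKeyId": _ARN + "2222-team"},
    {"SnapshotId": "snap-0ccc", "Encrypted": False},
    {"SnapshotId": "snap-0ddd", "Encrypted": True, "KmsKeyId": _ARN + "3333-other"},
]
SAMPLE_KEYS = {  # key ARN -> KMS DescribeKey["KeyMetadata"]
    _ARN + "1111-default": {"KeyManager": "AWS"},
    _ARN + "2222-team": {"KeyManager": "CUSTOMER"},
}


def classify_snapshots(snapshots, key_metadata):
    """Return {snapshot_id: finding} for each snapshot.

    finding is 'unencrypted', 'aws-managed-key', 'customer-managed-key',
    or 'unknown-key' when the key's metadata was not available.
    """
    findings = {}
    for snap in snapshots:
        sid = snap["SnapshotId"]
        if not snap.get("Encrypted", False):
            findings[sid] = "unencrypted"
            continue
        meta = key_metadata.get(snap.get("KmsKeyId"))
        if meta is None:
            # Key not visible to the auditor (e.g. another account): do not guess.
            findings[sid] = "unknown-key"
        elif meta.get("KeyManager") == "CUSTOMER":
            findings[sid] = "customer-managed-key"
        else:
            findings[sid] = "aws-managed-key"
    return findings


def cmk_not_set(findings):
    """Snapshot IDs matching this finding: encrypted, but not with a CMK."""
    return sorted(s for s, f in findings.items() if f == "aws-managed-key")


if __name__ == "__main__":
    result = classify_snapshots(SAMPLE_SNAPSHOTS, SAMPLE_KEYS)
    for sid, finding in sorted(result.items()):
        print(f"{sid}: {finding}")
    print("CMK not set:", cmk_not_set(result))
```

Snapshots reported as `unknown-key` need a follow-up lookup of the key before they can be cleared or flagged.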