Incorrect Permission Assignment for Critical Resource
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The AWS CloudWatch Log Group resource is not configured to use a customer-managed KMS key for encryption. Relying solely on default AWS-managed keys provides less control over log data security.
Impact
Without a customer-managed KMS key, sensitive log data is at greater risk if AWS-managed keys are compromised or misused. Attackers or unauthorized users may gain access to log contents, leading to data exposure or compliance violations.
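
The setting described above, as an added Terraform example that is not from this page or from the rule's own documentation: a log group with no key beside one encrypted with a customer-managed key. Terraform as the format, the resource names, the `us-east-1` region and the 30-day retention are assumptions.

```hcl
# Constructed example; names, region and retention are assumptions.
data "aws_caller_identity" "current" {}

# Weak: no kms_key_id, so the log group falls back to default encryption.
resource "aws_cloudwatch_log_group" "weak" {
  name = "/app/example-weak"
}

# Key policy: the account keeps administration of the key, and the
# CloudWatch Logs service principal may use it only for this account's log groups.
data "aws_iam_policy_document" "logs_key" {
  statement {
    sid       = "AccountAdmin"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
  statement {
    sid       = "CloudWatchLogs"
    actions   = ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["logs.us-east-1.amazonaws.com"]
    }
    condition {
      test     = "ArnLike"
      variable = "kms:EncryptionContext:aws:logs:arn"
      values   = ["arn:aws:logs:us-east-1:${data.aws_caller_identity.current.account_id}:log-group:*"]
    }
  }
}

resource "aws_kms_key" "logs" {
  description         = "Customer-managed key for CloudWatch Logs"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.logs_key.json
}

# Corrected: the log group references the customer-managed key.
resource "aws_cloudwatch_log_group" "hardened" {
  name              = "/app/example-hardened"
  retention_in_days = 30
  kms_key_id        = aws_kms_key.logs.arn
}
```

If the key policy does not grant the CloudWatch Logs service principal use of the key, associating the key with the log group fails, so the policy statement and the `kms_key_id` attribute belong in the same change.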