Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The DocDB cluster is not configured to use a customer-managed KMS key for encryption at rest. Without specifying a KMS key, you lose granular control over who can access and rotate the encryption keys protecting your data.
Impact#
If the cluster’s data is not encrypted with a customer-managed key, sensitive information could be exposed if AWS’s default keys are compromised or improperly rotated. This increases the risk of unauthorized data access and makes it harder to meet compliance and security requirements.