Key Management Errors
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The AWS SageMaker domain resource is missing encryption with a customer-managed KMS key. Without specifying ‘kms_key_id’, data stored at rest is not protected with a key you control.
Impact#
If exploited, sensitive data in SageMaker domains could be accessed by unauthorized users or AWS personnel, and you lose the ability to manage key rotation or revoke access. This increases the risk of data exposure and weakens compliance with security policies.