Neptune encryption should use Customer Managed Keys
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | neptune |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The Neptune cluster is configured to use AWS-managed encryption keys instead of customer-managed keys. This limits granular control over key management, such as key rotation, access policies, and auditing.
Impact
Relying on AWS-managed keys restricts the organization’s ability to enforce its own security policies, potentially increasing the risk of unauthorized data access or non-compliance with regulatory requirements if the default keys are compromised or mismanaged.
Resolution
Enable storage encryption on the Neptune cluster using a customer-managed key (CMK) rather than the AWS-managed default key.
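To audit existing clusters against this rule, the following added example (not part of the original page) classifies each Neptune cluster by who manages its storage-encryption key. It assumes the field names of the Neptune DescribeDBClusters response (StorageEncrypted, KmsKeyId) and of KMS DescribeKey KeyMetadata (KeyManager is "CUSTOMER" or "AWS"); the sample data is constructed with placeholder account and key ids.

```python
"""Classify Neptune clusters by who owns their storage-encryption key.

Assumptions (not from the original page): field names follow the Neptune
DescribeDBClusters response (StorageEncrypted, KmsKeyId) and the KMS
DescribeKey KeyMetadata (KeyManager is "CUSTOMER" or "AWS"). All sample
data below is constructed, with placeholder account id and key ids.
"""
from typing import Dict, List

CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-CMK-ID"
AWS_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-AWS-KEY-ID"

# Constructed sample shaped like neptune.describe_db_clusters()["DBClusters"].
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "graph-prod", "StorageEncrypted": True, "KmsKeyId": CMK_ARN},
    {"DBClusterIdentifier": "graph-stage", "StorageEncrypted": True, "KmsKeyId": AWS_KEY_ARN},
    {"DBClusterIdentifier": "graph-dev", "StorageEncrypted": False},
]

# Constructed sample shaped like kms.describe_key()["KeyMetadata"], keyed by ARN.
SAMPLE_KEY_METADATA = {
    CMK_ARN: {"KeyManager": "CUSTOMER", "Enabled": True},
    AWS_KEY_ARN: {"KeyManager": "AWS", "Enabled": True},
}


def classify_cluster(cluster: dict, key_metadata: Dict[str, dict]) -> str:
    """Return one of: unencrypted, aws-managed, customer-managed, unknown-key."""
    if not cluster.get("StorageEncrypted"):
        return "unencrypted"           # no key at all: also fails this rule
    meta = key_metadata.get(cluster.get("KmsKeyId", ""))
    if meta is None:
        return "unknown-key"           # key not visible (other account/region)
    return "customer-managed" if meta.get("KeyManager") == "CUSTOMER" else "aws-managed"


def findings(clusters: List[dict], key_metadata: Dict[str, dict]) -> Dict[str, str]:
    """Map each cluster identifier to its classification; only
    'customer-managed' satisfies the rule, everything else is a finding."""
    return {c["DBClusterIdentifier"]: classify_cluster(c, key_metadata) for c in clusters}


def noncompliant(clusters: List[dict], key_metadata: Dict[str, dict]) -> List[str]:
    """Cluster identifiers that do not use a customer-managed key."""
    return [cid for cid, state in findings(clusters, key_metadata).items()
            if state != "customer-managed"]


if __name__ == "__main__":
    for cid, state in findings(SAMPLE_CLUSTERS, SAMPLE_KEY_METADATA).items():
        print(f"{cid}: {state}")
```

Against real accounts, feed the function the output of boto3's describe_db_clusters and describe_key calls; an "unknown-key" result means the key lives in another account or region and needs a manual look.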