Property

Language: terraform
Severity: high
Service: s3
Provider: AWS
Vulnerability Type: omission

Description

S3 bucket encryption is configured to use AWS-managed keys instead of customer managed keys. This limits control over key management, including aspects like key rotation and access policies, which are important for meeting security and compliance requirements.

Impact

Relying on AWS-managed keys restricts the ability to enforce fine-grained access controls and key rotation, potentially exposing sensitive data to unauthorized access if AWS keys are compromised or misused. This can lead to data breaches and failure to meet compliance obligations.

Resolution

Enable server-side encryption with a customer managed KMS key (SSE-KMS) instead of AWS-managed keys, so that key rotation and the key policy are under your control.
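As an added example (not part of the rule text above), the flagged configuration next to its remediated form. It assumes the hashicorp/aws provider v4 or later, where bucket encryption is a separate `aws_s3_bucket_server_side_encryption_configuration` resource; bucket names and the KMS alias are constructed placeholders.

```hcl
# Flagged: default encryption with an AWS-managed key (SSE-S3, "AES256").
# Rotation and the key policy are handled by AWS and cannot be tuned.
resource "aws_s3_bucket" "weak" {
  bucket = "example-weak-bucket" # constructed placeholder
}

resource "aws_s3_bucket_server_side_encryption_configuration" "weak" {
  bucket = aws_s3_bucket.weak.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Remediated: a customer managed KMS key with automatic rotation enabled,
# referenced as the bucket's default encryption key (SSE-KMS).
resource "aws_kms_key" "s3" {
  description             = "CMK for S3 default bucket encryption"
  enable_key_rotation     = true # yearly rotation managed by KMS
  deletion_window_in_days = 30
  # Key policy is omitted here so the account default applies; in practice
  # scope it to the principals that must read and write the bucket.
}

resource "aws_kms_alias" "s3" {
  name          = "alias/example-s3-cmk" # constructed placeholder
  target_key_id = aws_kms_key.s3.key_id
}

resource "aws_s3_bucket" "hardened" {
  bucket = "example-hardened-bucket" # constructed placeholder
}

resource "aws_s3_bucket_server_side_encryption_configuration" "hardened" {
  bucket = aws_s3_bucket.hardened.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.s3.arn
    }
    # S3 Bucket Keys cut KMS request volume and cost for SSE-KMS buckets.
    bucket_key_enabled = true
  }
}
```

Scanners that implement this rule typically flag any default encryption rule whose `sse_algorithm` is not `aws:kms` or that sets `aws:kms` without a `kms_master_key_id`, so both fields are needed for the finding to clear.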