TF 0439 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
EBS volume encryption should use Customer Managed Keys
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | ec2 |
| Provider | AWS |
Description
EBS volumes are encrypted with the AWS-managed default key (`alias/aws/ebs`) instead of a customer managed KMS key. An AWS-managed key is usable but not controllable: its key policy cannot be edited, it cannot be disabled or scheduled for deletion, its rotation schedule is fixed by AWS, and snapshots encrypted with it cannot be shared with other accounts. A customer managed key puts key policy, grants, rotation and lifecycle under the account owner's control.
Impact
With the AWS-managed key, access to the encrypted data is governed only by EC2 and IAM permissions: any principal in the account allowed to attach or snapshot volumes can use the key, and there is no key-level policy to narrow that, no way to disable the key to cut off access during an incident, and no separation between who administers the key and who uses it. Key usage is still recorded in CloudTrail, so the gap is control rather than logging. Compliance frameworks that require customer-controlled key management (rotation policy, key custodianship, cross-account sharing rules) cannot be met with the default key.
Resolution
Create a customer managed KMS key with automatic rotation enabled and a key policy that limits use to the principals and the EC2 service that need it, then set `encrypted = true` and `kms_key_id` to that key's ARN on every `aws_ebs_volume` (and on the `root_block_device` / `ebs_block_device` blocks of `aws_instance`). Optionally make the same key the regional default for EBS so volumes created outside Terraform also use it.
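The following Terraform shows the flagged configuration next to the fix. It is an added example, not code from the rule or the database; it assumes AWS provider v5 or later, a single region in `var.region`, and `var.ebs_user_role_arn` holding the IAM role that launches instances and attaches volumes (all three names are made up for the example).

```hcl
# Added example (not the rule's own code). Assumed: AWS provider v5+, region
# in var.region, and var.ebs_user_role_arn = IAM role that uses the volumes.

variable "region" {
  type    = string
  default = "us-east-1"
}

variable "ebs_user_role_arn" {
  type        = string
  description = "IAM role ARN permitted to use the CMK for EBS operations"
}

data "aws_caller_identity" "current" {}

# --- Flagged: encrypted, but with the AWS-managed key alias/aws/ebs ----------
resource "aws_ebs_volume" "default_key" {
  availability_zone = "${var.region}a"
  size              = 20
  encrypted         = true
  # No kms_key_id: the account default EBS key is used. Its policy cannot be
  # edited, it cannot be disabled, and its snapshots cannot be shared.
}

# --- Fix: a customer managed key with rotation and a scoped key policy -------
data "aws_iam_policy_document" "ebs_cmk" {
  # Account root keeps administrative control so the key can never be orphaned.
  statement {
    sid       = "KeyAdministration"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # The workload role may use the key only through EC2 in this region.
  statement {
    sid = "UseViaEc2Only"
    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:DescribeKey",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [var.ebs_user_role_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["ec2.${var.region}.amazonaws.com"]
    }
  }

  # EC2 must create grants to attach encrypted volumes; allow that only for
  # grants issued on behalf of AWS resources.
  statement {
    sid       = "GrantsForAwsResourcesOnly"
    actions   = ["kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = [var.ebs_user_role_arn]
    }
    condition {
      test     = "Bool"
      variable = "kms:GrantIsForAWSResource"
      values   = ["true"]
    }
  }
}

resource "aws_kms_key" "ebs" {
  description             = "Customer managed key for EBS volumes"
  enable_key_rotation     = true
  deletion_window_in_days = 30
  policy                  = data.aws_iam_policy_document.ebs_cmk.json
}

resource "aws_ebs_volume" "customer_key" {
  availability_zone = "${var.region}a"
  size              = 20
  encrypted         = true
  kms_key_id        = aws_kms_key.ebs.arn
}

# Make the CMK the regional default so volumes created outside this module
# (console, Auto Scaling, root volumes) also stop using alias/aws/ebs.
resource "aws_ebs_encryption_by_default" "this" {
  enabled = true
}

resource "aws_ebs_default_kms_key" "this" {
  key_arn = aws_kms_key.ebs.arn
}
```

The `kms:ViaService` condition means the role cannot call KMS directly with this key to decrypt exfiltrated data; only EC2 acting on its behalf can. After `terraform apply`, `aws ec2 describe-volumes --query 'Volumes[].KmsKeyId'` should list the CMK's ARN rather than the ARN behind `alias/aws/ebs`. Disabling the key (or removing a principal from the policy) then takes effect for new attach and snapshot operations without touching any volume.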