Best practices

Glue Data Catalogs data-at-rest encryption without KMS CMKs

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Glue Data Catalogs are using a default encryption key (provided and managed by AWS) instead of customer master keys (CMKs). Only CMKs let you fully manage your encryption keys, including policies, rotation, access, tags and more.
Recommended Mitigation

To maintain exclusive control over the encryption of your data catalogs, define and use your own CMK.
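
One way to test for this condition, as an added example that is not part of the original page: the function below classifies a catalog's encryption-at-rest settings from the response shapes of boto3's get_data_catalog_encryption_settings and describe_key. The sample responses, account id and key id are constructed placeholders, and treating a missing key id as AWS managed is an assumption.

```python
# Added example (not from the original page). Response shapes follow boto3's
# glue.get_data_catalog_encryption_settings() and kms.describe_key().

def classify_catalog_encryption(glue_resp, describe_key):
    """Return UNENCRYPTED, AWS_MANAGED_KEY or CUSTOMER_MANAGED_KEY."""
    at_rest = (glue_resp.get("DataCatalogEncryptionSettings") or {}).get(
        "EncryptionAtRest") or {}
    if at_rest.get("CatalogEncryptionMode", "DISABLED") == "DISABLED":
        return "UNENCRYPTED"
    key_id = at_rest.get("SseAwsKmsKeyId")
    # Assumption: an encrypted catalog with no key recorded is reported as
    # not customer managed, so it still surfaces as a finding.
    if not key_id:
        return "AWS_MANAGED_KEY"
    # The alias/aws/ prefix is reserved for AWS managed keys (e.g. alias/aws/glue).
    if key_id.startswith("alias/aws/") or ":alias/aws/" in key_id:
        return "AWS_MANAGED_KEY"
    manager = describe_key(key_id)["KeyMetadata"]["KeyManager"]  # AWS | CUSTOMER
    return "CUSTOMER_MANAGED_KEY" if manager == "CUSTOMER" else "AWS_MANAGED_KEY"


def check_region(region):
    """Live check for one region; needs boto3 and read-only Glue/KMS access."""
    import boto3
    glue = boto3.client("glue", region_name=region)
    kms = boto3.client("kms", region_name=region)
    return classify_catalog_encryption(
        glue.get_data_catalog_encryption_settings(),
        lambda key_id: kms.describe_key(KeyId=key_id),
    )


# Constructed sample responses (placeholder account id and key id).
SAMPLE_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_SETTINGS = {"DataCatalogEncryptionSettings": {"EncryptionAtRest": {
    "CatalogEncryptionMode": "SSE-KMS", "SseAwsKmsKeyId": SAMPLE_KEY}}}

def fake_describe_key(manager):
    """Stand-in for kms.describe_key that reports the given KeyManager."""
    return lambda key_id: {"KeyMetadata": {"KeyId": key_id, "KeyManager": manager}}

if __name__ == "__main__":
    for manager in ("AWS", "CUSTOMER"):
        print(manager, classify_catalog_encryption(
            SAMPLE_SETTINGS, fake_describe_key(manager)))
```

Catalog encryption settings are per region, so check_region has to be run for every region in which the account uses Glue.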