Data protection

QLDB Ledger encryption not using customer managed key

Risk Level

Informational (4)

Compliance Frameworks


QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. By default, all data stored in QLDB is encrypted using an AWS owned KMS key, which is the default encryption type. The other option is to encrypt the QLDB data with a customer managed key. In that case the key is stored in your AWS account and you have full control over it. QLDB ledgers are typically used to record an organization's sensitive information. It was detected that the QLDB Ledger {AwsQldbLedger} is using an AWS owned key.
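
One way to express this check in code, as an added example that is not part of the original rule or of any vendor's implementation. It assumes input shaped like the QLDB `DescribeLedger` response, where `EncryptionDescription` is absent for ledgers on an AWS owned key; the function names, ledger names, account ID and key ARN are constructed placeholders.

```python
# Added example. The dicts mimic the QLDB DescribeLedger response; all names,
# account IDs and key ARNs below are constructed placeholders.
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_LEDGERS = [
    {"Name": "payments", "State": "ACTIVE"},  # no EncryptionDescription
    {"Name": "audit", "State": "ACTIVE",
     "EncryptionDescription": {"KmsKeyArn": CMK_ARN,
                               "EncryptionStatus": "ENABLED"}},
    {"Name": "orders", "State": "ACTIVE",
     "EncryptionDescription": {"KmsKeyArn": CMK_ARN,
                               "EncryptionStatus": "KMS_KEY_INACCESSIBLE"}},
]


def classify_ledger(ledger: dict) -> dict:
    """Classify one DescribeLedger-shaped dict by encryption key ownership."""
    name = ledger.get("Name", "<unknown>")
    enc = ledger.get("EncryptionDescription") or {}
    key_arn = enc.get("KmsKeyArn")
    if not key_arn:
        # Assumption: QLDB leaves EncryptionDescription out when the ledger
        # is encrypted with an AWS owned key, so absence is the finding.
        return {"ledger": name, "key_type": "AWS_OWNED", "finding": True,
                "detail": "ledger is encrypted with an AWS owned key"}
    status = enc.get("EncryptionStatus", "UNKNOWN")
    if status == "KMS_KEY_INACCESSIBLE":
        # A customer managed key is configured but QLDB cannot use it,
        # which needs attention even though the key type is the desired one.
        return {"ledger": name, "key_type": "CUSTOMER_MANAGED", "finding": True,
                "detail": f"customer managed key {key_arn} is inaccessible"}
    return {"ledger": name, "key_type": "CUSTOMER_MANAGED", "finding": False,
            "detail": f"customer managed key {key_arn}, status {status}"}


def scan(ledgers: list) -> list:
    """Return only the ledgers that should be reported."""
    return [r for r in map(classify_ledger, ledgers) if r["finding"]]


if __name__ == "__main__":
    for result in scan(SAMPLE_LEDGERS):
        print(f'{result["ledger"]}: {result["detail"]}')
```

To run it against a real account, pass it the dictionaries returned by the boto3 `qldb` client's `describe_ledger(Name=...)` call in place of the sample list.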