AWS > MSK >

MSK Cluster Encryption At-Rest

HIGH
Source
CloudSploit
ID
msk-cluster-encryption-at-rest

MSK Cluster Encryption At-Rest

Ensure that Amazon Managed Streaming for Kafka (MSK) clusters are using desired encryption key for at-rest encryption.

Amazon MSK encrypts all data at rest using AWS-managed KMS keys by default. Use AWS customer-managed Keys (CMKs) instead in order to have a fine-grained control over data-at-rest encryption/decryption process and meet compliance requirements.

Modify MSK cluster encryption configuration to use desired encryption key