HIGH
Source
CloudSploit
ID
xray-encryption-enabled

XRay Encryption Enabled

Ensures CMK-based encryption is enabled for XRay traces.

AWS XRay supports default encryption based on an AWS-managed KMS key as well as encryption using a customer managed key (CMK). For maximum security, the CMK-based encryption should be used.

Update XRay encryption configuration to use a CMK.