MSK clusters should be encrypted with a customer-managed KMS key

amazon-msk
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

MSK clusters should be encrypted using a customer-managed KMS key for data volumes rather than the default AWS-managed key. Customer-managed keys provide full control over key rotation policies, access permissions via KMS key policies, and the ability to revoke or disable the key.

Remediation

Create a new MSK cluster with a customer-managed KMS key specified for data volume encryption. Existing clusters cannot have their encryption key changed after creation. For guidance, refer to Amazon MSK encryption.