VIEW RULE IN DATADOG VIEW MISCONFIGURATIONS

Description

QLDB ledgers should be encrypted using a customer-managed KMS key rather than the default AWS-owned key. Customer-managed keys provide full control over key rotation policies, access permissions via KMS key policies, and the ability to revoke or disable the key.

Remediation

Update the ledger’s encryption settings to use a customer-managed KMS key. For guidance, refer to Encryption at rest in Amazon QLDB.