Secrets Manager encrypts secrets by default using a default key created by AWS. To ensure control and granularity of secret encryption, CMK’s should be used explicitly.
Using AWS managed keys reduces the flexibility and control over the encryption key
Use customer managed keys
The following example will fail the aws-ssm-secret-use-customer-key check.
The following example will pass the aws-ssm-secret-use-customer-key check.