Ensure encryption at rest is enabled for AWS DocumentDB clusters

MEDIUM

Description

Data stored in an AWS DocumentDB cluster without encryption at rest could be exfiltrated if the underlying storage or a snapshot of it is accessed.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to DocumentDB dashboard.
  2. Select Clusters in the navigation pane.
  3. Select the AWS DocumentDB cluster to examine, and view the Cluster identifier column.
  4. Verify that the 'Encryption at-rest' configuration value is set to 'Yes'.

In Terraform -

  1. In the aws_docdb_cluster resource, set the storage_encrypted field to true (optionally, set kms_key_id to a customer-managed KMS key).
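
The following Terraform is an added example for this policy, not configuration from the original page or from any AWS or Terraform documentation. It shows a non-compliant cluster next to a compliant one; the cluster identifiers, the KMS key resource and the variable names are assumptions chosen for illustration.

```hcl
# Constructed example (not from the page): customer-managed key used for the
# compliant cluster below. Using the default AWS-managed key is also compliant
# with this rule; the key simply needs storage_encrypted = true on the cluster.
resource "aws_kms_key" "docdb" {
  description         = "CMK for DocumentDB encryption at rest"
  enable_key_rotation = true
}

# NON-COMPLIANT (AC_AWS_0071): storage_encrypted omitted, so the provider
# default (false) applies and the cluster volumes and snapshots are unencrypted.
resource "aws_docdb_cluster" "unencrypted" {
  cluster_identifier = "example-docdb-unencrypted" # hypothetical identifier
  engine             = "docdb"
  master_username    = var.docdb_master_username   # assumed variable
  master_password    = var.docdb_master_password   # assumed variable
  skip_final_snapshot = true
}

# COMPLIANT: encryption at rest enabled explicitly, with a customer-managed key.
resource "aws_docdb_cluster" "encrypted" {
  cluster_identifier = "example-docdb-encrypted"   # hypothetical identifier
  engine             = "docdb"
  master_username    = var.docdb_master_username   # assumed variable
  master_password    = var.docdb_master_password   # assumed variable

  storage_encrypted = true
  kms_key_id        = aws_kms_key.docdb.arn

  skip_final_snapshot = true
}
```

One caveat worth knowing before applying the fix: DocumentDB only lets you choose encryption at rest when a cluster is created, so `storage_encrypted` forces replacement of an existing cluster in Terraform. For a cluster that already holds data, the usual path is to take a snapshot and restore it into a new cluster with encryption enabled (the page's AWS reference describes this), rather than letting Terraform destroy and recreate the cluster in place.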

References:
https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster

Policy Details

Rule Reference ID: AC_AWS_0071
CSP: AWS
Remediation Available: Yes
Resource Category: Database
Resource Type: DocDB

Frameworks