DocumentDB is not encrypted at rest
Description
This policy ensures that Amazon DocumentDB (DocDB) clusters are encrypted at rest. Encrypting data at rest protects the data stored in your DocDB clusters from unauthorized access and potential data breaches. By default, DocDB clusters are unencrypted, so it is crucial to enable encryption to secure your data.
Code Example
```hcl
resource "aws_docdb_cluster" "example" {
  ...
  cluster_identifier = "docdb-cluster-demo"
+ storage_encrypted  = true
  ...
}
```
Remediation
Terraform
- Resource: aws_docdb_cluster
- Arguments: storage_encrypted - Specifies whether the DB cluster is encrypted.
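The TerraformPlan framework evaluates the values a plan will actually apply rather than the HCL text. As an added example (not part of this policy page or of Checkov's own code), the function below walks a `terraform show -json` plan, including nested modules, and reports every `aws_docdb_cluster` whose planned `storage_encrypted` is not exactly `true`; the plan document it runs on is a constructed sample.

```python
import json

# Constructed sample of `terraform show -json plan.out` output, trimmed to the
# fields this check needs. Not captured from a real plan.
SAMPLE_PLAN = json.dumps({
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "aws_docdb_cluster.unencrypted",
                 "type": "aws_docdb_cluster",
                 "values": {"cluster_identifier": "docdb-a"}},
                {"address": "aws_docdb_cluster.encrypted",
                 "type": "aws_docdb_cluster",
                 "values": {"cluster_identifier": "docdb-b",
                            "storage_encrypted": True}},
            ],
            "child_modules": [
                {"address": "module.db",
                 "resources": [
                     {"address": "module.db.aws_docdb_cluster.off",
                      "type": "aws_docdb_cluster",
                      "values": {"storage_encrypted": False}}]}
            ],
        }
    }
})


def _walk_resources(module):
    """Yield every resource in a plan module and its nested child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _walk_resources(child)


def find_unencrypted_docdb(plan_json):
    """Return the addresses of aws_docdb_cluster resources whose planned
    storage_encrypted is not True. An absent attribute fails as well,
    because the provider default leaves the cluster unencrypted."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in _walk_resources(root):
        if res.get("type") != "aws_docdb_cluster":
            continue
        if res.get("values", {}).get("storage_encrypted") is not True:
            failing.append(res["address"])
    return failing


if __name__ == "__main__":
    for addr in find_unencrypted_docdb(SAMPLE_PLAN):
        print(f"FAILED CKV_AWS_74: {addr} is not encrypted at rest")
```

Encryption at rest can only be chosen when a DocumentDB cluster is created, so a plan that flips `storage_encrypted` on an existing cluster will show a replacement rather than an in-place update.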
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0127 |
| Severity | MEDIUM |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_74 |