DocDB Global Cluster is not encrypted at rest
Description
This policy checks whether a DocDB Global Cluster is encrypted at rest. The default setting is unencrypted, so a cluster whose configuration never sets `storage_encrypted` is created without encryption. Encryption at rest is critical for securing sensitive data and protecting it from unauthorized access. Unencrypted data could be exposed to cybercriminals, leading to data breaches and other significant security incidents. Failing to encrypt sensitive data at rest is therefore a significant security risk.
Code Example
```hcl
# Compliant configuration: encryption at rest is enabled explicitly.
# Omitting storage_encrypted would leave the cluster unencrypted (the default).
resource "aws_docdb_global_cluster" "example" {
  global_cluster_identifier = "example"
  # engine is required unless source_db_cluster_identifier is set
  engine                    = "docdb"
  storage_encrypted         = true
}
```
Remediation
Terraform
- Resource: aws_docdb_global_cluster
- Arguments: storage_encrypted
To fix this issue, enable encryption at rest for your DocDB Global Cluster by setting the `storage_encrypted` argument to `true` on the `aws_docdb_global_cluster` resource in your Terraform configuration. Leaving the argument out is not sufficient, because the default is unencrypted.
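The following is an added example of how this policy can be evaluated against the TerraformPlan framework listed below. It is not Checkov's own implementation of CKV_AWS_292 and not part of the original page. It walks the `planned_values` tree of a `terraform show -json` plan, finds every `aws_docdb_global_cluster` resource (including those in child modules), and reports FAILED unless `storage_encrypted` is literally `true`. An omitted attribute is treated as a failure because the provider default is unencrypted; the sample plan embedded at the bottom is constructed for the example.

```python
"""Detection logic for the 'DocDB Global Cluster is not encrypted at rest' policy.

Added example, not Checkov's implementation. Evaluates aws_docdb_global_cluster
resources in a Terraform plan JSON (output of `terraform show -json tfplan`).
"""
import json

RESOURCE_TYPE = "aws_docdb_global_cluster"
INSPECTED_KEY = "storage_encrypted"


def evaluate_resource(values: dict) -> str:
    """Return 'PASSED' only if storage_encrypted is the boolean True.

    None (attribute omitted, so the provider default of unencrypted applies),
    False, or a non-boolean such as the string "true" all yield 'FAILED'.
    """
    return "PASSED" if values.get(INSPECTED_KEY) is True else "FAILED"


def _walk_resources(module: dict):
    """Yield every resource in a plan module and, recursively, its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _walk_resources(child)


def scan_plan(plan_json: str) -> list:
    """Return one finding per DocDB global cluster: {'address', 'result'}."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in _walk_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue  # policy only applies to DocDB global clusters
        result = evaluate_resource(res.get("values") or {})
        findings.append({"address": res["address"], "result": result})
    return findings


def failed_addresses(plan_json: str) -> list:
    """Convenience view: sorted addresses of clusters that violate the policy."""
    return sorted(f["address"] for f in scan_plan(plan_json) if f["result"] == "FAILED")


def _docdb(address: str, name: str, **extra) -> dict:
    """Build a constructed plan resource entry for the sample below."""
    values = {"global_cluster_identifier": name, "engine": "docdb", **extra}
    return {"address": address, "type": RESOURCE_TYPE, "name": name, "values": values}


# Constructed sample plan: one compliant cluster, one explicitly unencrypted,
# one that omits the attribute, an unrelated resource, and a compliant cluster
# inside a child module.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {
        "root_module": {
            "resources": [
                _docdb("aws_docdb_global_cluster.encrypted", "encrypted", storage_encrypted=True),
                _docdb("aws_docdb_global_cluster.plaintext", "plaintext", storage_encrypted=False),
                _docdb("aws_docdb_global_cluster.default", "default"),
                {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
                 "name": "logs", "values": {"bucket": "logs"}},
            ],
            "child_modules": [
                {"address": "module.replica", "resources": [
                    _docdb("module.replica.aws_docdb_global_cluster.encrypted",
                           "replica", storage_encrypted=True),
                ]},
            ],
        }
    },
})


if __name__ == "__main__":
    for finding in scan_plan(SAMPLE_PLAN):
        print(f"{finding['result']:6} {finding['address']}")
```

Run it with a real plan by replacing `SAMPLE_PLAN` with the contents of `terraform show -json tfplan`. The strict `is True` comparison is deliberate: a value that is null or "known after apply" in the plan cannot be shown to be encrypted, so the conservative choice is to fail it until the configuration states `storage_encrypted = true` explicitly.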
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0340 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_292 |