DocumentDB clusters should be encrypted at rest

Description

This evaluation determines if an Amazon DocumentDB cluster has encryption enabled at rest. The evaluation will fail if the cluster is not encrypted at rest.

Data at rest encompasses all information stored on permanent, non-volatile storage devices, regardless of the duration. Encrypting this data helps safeguard its confidentiality by minimizing the likelihood of unauthorized access. It is advisable to enable encryption at rest for Amazon DocumentDB clusters to enhance security. Amazon DocumentDB utilizes the 256-bit Advanced Encryption Standard (AES-256) for data encryption, using keys managed in the AWS Key Management Service (AWS KMS).
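The pass/fail logic described above can be reproduced offline against the JSON that `aws docdb describe-db-clusters` returns. The following is an added example, not code from this page or from the product that runs the evaluation; the cluster names, account ID and key ARN are constructed sample values, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws docdb describe-db-clusters` output
# (not real account data).
SAMPLE_RESPONSE = json.loads("""
{"DBClusters": [
  {"DBClusterIdentifier": "orders-prod", "Engine": "docdb",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"DBClusterIdentifier": "orders-dev", "Engine": "docdb",
   "StorageEncrypted": false},
  {"DBClusterIdentifier": "legacy-import", "Engine": "docdb"},
  {"DBClusterIdentifier": "graph-prod", "Engine": "neptune",
   "StorageEncrypted": false}
]}
""")


def evaluate_clusters(response):
    """Return one finding per DocumentDB cluster; pass only if StorageEncrypted is true."""
    findings = []
    for cluster in response.get("DBClusters", []):
        # The describe call can also return clusters of other engines that
        # share the same management API, so skip anything that is not docdb.
        if cluster.get("Engine") != "docdb":
            continue
        # A missing field is treated as unencrypted (fail closed).
        encrypted = cluster.get("StorageEncrypted") is True
        findings.append({
            "cluster": cluster.get("DBClusterIdentifier", "<unknown>"),
            "status": "pass" if encrypted else "fail",
            "kms_key": cluster.get("KmsKeyId") if encrypted else None,
        })
    return findings


def failing_clusters(response):
    """Identifiers of DocumentDB clusters that fail the evaluation."""
    return [f["cluster"] for f in evaluate_clusters(response) if f["status"] == "fail"]


if __name__ == "__main__":
    for f in evaluate_clusters(SAMPLE_RESPONSE):
        print(f"{f['status'].upper():4}  {f['cluster']}  key={f['kms_key']}")
```

Each cluster reported as failing has to be replaced with a new encrypted cluster, because the setting cannot be changed in place.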

Remediation

You enable encryption at rest when you create an Amazon DocumentDB cluster. You cannot change the encryption setting after the cluster has been created. For details, see "Enabling encryption at rest for an Amazon DocumentDB cluster" in the Amazon DocumentDB Developer Guide.
