DocumentDB clusters should be encrypted at rest

Description

This evaluation determines if an Amazon DocumentDB cluster has encryption enabled at rest. The evaluation will fail if the cluster is not encrypted at rest.

Data at rest encompasses all information stored on permanent, non-volatile storage devices, regardless of the duration. Encrypting this data helps safeguard its confidentiality by minimizing the likelihood of unauthorized access. It is advisable to enable encryption at rest for Amazon DocumentDB clusters to enhance security. Amazon DocumentDB utilizes the 256-bit Advanced Encryption Standard (AES-256) for data encryption, using keys managed in the AWS Key Management Service (AWS KMS).

Remediation

Encryption at rest can be enabled only when you create an Amazon DocumentDB cluster. You cannot modify the encryption setting after the cluster has been created. For further details, refer to the section titled "Enabling encryption at rest for an Amazon DocumentDB cluster" in the Amazon DocumentDB Developer Guide.
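
The check described above can be reproduced against the output of the DescribeDBClusters API. The following is an added example, not the rule's own implementation: the sample response is constructed, and the function names `evaluate` and `fetch_clusters` are hypothetical. It assumes the `StorageEncrypted`, `KmsKeyId` and `Engine` fields of the cluster description and treats a missing flag as a failure.

```python
# Constructed sample shaped like a DescribeDBClusters response. Identifiers,
# the account number and the key ARN are made up for illustration.
SAMPLE_RESPONSE = {
    "DBClusters": [
        {"DBClusterIdentifier": "orders-docdb", "Engine": "docdb",
         "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"DBClusterIdentifier": "legacy-docdb", "Engine": "docdb",
         "StorageEncrypted": False},
        # Other engines can appear in the same listing; the rule skips them.
        {"DBClusterIdentifier": "reports-aurora", "Engine": "aurora-mysql",
         "StorageEncrypted": False},
    ]
}


def evaluate(response):
    """Return one finding per DocumentDB cluster: pass only if encrypted."""
    findings = []
    for cluster in response.get("DBClusters", []):
        if cluster.get("Engine") != "docdb":
            continue
        # A missing or non-boolean flag is treated as unencrypted (fail closed).
        encrypted = cluster.get("StorageEncrypted") is True
        findings.append({
            "cluster": cluster.get("DBClusterIdentifier", "<unknown>"),
            "status": "pass" if encrypted else "fail",
            "kms_key": cluster.get("KmsKeyId") if encrypted else None,
        })
    return findings


def fetch_clusters(region):
    """Live variant: list DocumentDB clusters with boto3 (needs credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("docdb", region_name=region)
    clusters = []
    pages = client.get_paginator("describe_db_clusters").paginate(
        Filters=[{"Name": "engine", "Values": ["docdb"]}])
    for page in pages:
        clusters.extend(page["DBClusters"])
    return {"DBClusters": clusters}


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_RESPONSE):
        print(f"{finding['status'].upper():5} {finding['cluster']}")
```

Because the setting is fixed at creation, a cluster reported as `fail` cannot be brought into compliance by modifying it in place.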