DynamoDB Accelerator (DAX) clusters should be encrypted at rest

Description

This control verifies whether an Amazon DynamoDB Accelerator (DAX) cluster has encryption enabled for data at rest.

Encrypting data at rest helps mitigate the risk of unauthorized access to data stored on disk. Encryption introduces additional access controls, restricting unauthorized users from accessing the data.

Remediation

Once a cluster is created, encryption at rest cannot be enabled or disabled. To use encryption at rest, the cluster must be recreated with this setting enabled. For step-by-step guidance on creating a DAX cluster with encryption at rest, refer to the Enabling encryption at rest using the AWS Management Console section of the Amazon DynamoDB Developer Guide.