DMS replication instances should be encrypted at rest

Docs > Datadog Security > OOTB Rules > DMS replication instances should be encrypted at rest

Description

DMS replication instances should have encryption at rest configured with a KMS key. Encryption protects data being migrated or replicated from unauthorized access during the replication process.

Remediation

Create a new DMS replication instance with a KMS key specified for encryption. Existing instances cannot have encryption changed after creation. For guidance, refer to Creating a replication instance.