For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-ca7.md. A documentation index is available at /llms.txt.

DMS replication instances should be encrypted at rest

dms

Description

DMS replication instances should have encryption at rest configured with a KMS key. Encryption protects data being migrated or replicated from unauthorized access during the replication process.

Remediation

Create a new DMS replication instance with a KMS key specified for encryption. Existing instances cannot have encryption changed after creation. For guidance, refer to Creating a replication instance.