Ensure DocDB is encrypted at rest

Risk Level: High
Cloud Entity: AWS DocDB DBCluster
CloudGuard Rule ID: D9.CFT.CRY.20
Covered by Spectral: No
Category: Database

GSL LOGIC

AWS_DocDB_DBCluster should have StorageEncrypted=true

REMEDIATION

From CFT
Set the StorageEncrypted property of the AWS::DocDB::DBCluster resource to the Boolean value true.
See the example below:

Resources:
  myDBCluster:
    Type: "AWS::DocDB::DBCluster"
    Properties:
      DBClusterIdentifier: "sample-cluster"
      ...
      StorageEncrypted: true
      ...
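The GSL logic above can be applied to a template before deployment. The following is an added example, not CloudGuard's own implementation: it scans a CloudFormation template in its JSON form (the `json` module is used so that no YAML library is required) and reports every AWS::DocDB::DBCluster whose StorageEncrypted property is not explicitly true. A missing property is reported as a finding, since the rule requires the value to be set to true, and so is a value that cannot be resolved statically (for example an intrinsic function such as Ref). The template, resource names and identifiers are constructed for the example.

```python
import json

# Constructed sample template (JSON form of a CloudFormation template).
# Contains one compliant cluster, one explicitly unencrypted cluster, one
# cluster that omits the property, and a DBInstance that the rule ignores.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "EncryptedCluster": {
            "Type": "AWS::DocDB::DBCluster",
            "Properties": {
                "DBClusterIdentifier": "sample-cluster",
                "StorageEncrypted": True,
            },
        },
        "PlaintextCluster": {
            "Type": "AWS::DocDB::DBCluster",
            "Properties": {
                "DBClusterIdentifier": "legacy-cluster",
                "StorageEncrypted": False,
            },
        },
        "DefaultCluster": {
            "Type": "AWS::DocDB::DBCluster",
            "Properties": {"DBClusterIdentifier": "default-cluster"},
        },
        "SomeInstance": {
            "Type": "AWS::DocDB::DBInstance",
            "Properties": {"DBClusterIdentifier": {"Ref": "EncryptedCluster"}},
        },
    }
})


def is_true(value):
    """CloudFormation accepts the native boolean or the string "true"."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    # None (property omitted) or an intrinsic function such as {"Ref": ...}
    # cannot be confirmed as true, so it is treated as non-compliant.
    return False


def find_unencrypted_docdb_clusters(template_text):
    """Return logical IDs of AWS::DocDB::DBCluster resources whose
    StorageEncrypted property is not set to true (rule D9.CFT.CRY.20)."""
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::DocDB::DBCluster":
            continue
        props = resource.get("Properties") or {}
        if not is_true(props.get("StorageEncrypted")):
            findings.append(logical_id)
    return findings


if __name__ == "__main__":
    for logical_id in find_unencrypted_docdb_clusters(SAMPLE_TEMPLATE):
        print(f"D9.CFT.CRY.20 FAIL: {logical_id} - StorageEncrypted is not true")
```

Running the block prints a finding for PlaintextCluster and DefaultCluster only; the DBInstance is skipped because the rule targets the DBCluster resource type. The same function can be pointed at a real template by reading its JSON text from disk.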

References

  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html#cfn-docdb-dbcluster-storageencrypted

AWS DocDB DBCluster

The AWS::DocDB::DBCluster Amazon DocumentDB (with MongoDB compatibility) resource describes a DBCluster. Amazon DocumentDB is a fully managed, MongoDB-compatible document database engine.

Compliance Frameworks

  • AWS CloudFormation ruleset