[DynamoDB.3]
DynamoDB Accelerator (DAX) clusters should be encrypted at rest
Description
All DAX cluster should be encrypted at rest. Encrypting data makes it more secure and reduces the risk of unauthorized users accessing the data. To make this rule COMPLIANT, you must enable encryption at rest for DAX Clusters.
Details
| Property | Value |
|---|---|
| Category | Protect > Data protection > Encryption of data at rest |
| Compliance Control ID | DynamoDB.3 |
| FortifyFox ID | FF100055 |
| Link | DynamoDB.3 Compliance |
| Resource Type(s) | AWS::DAX::Cluster |
| Severity | Medium |
Remediation
Use the following CloudFormation templates to deploy a DAX Cluster compliant with DynamoDB.3
YAML Template
Resources:
daxCluster:
Type: AWS::DAX::Cluster
Properties:
SSESpecification:
SSEEnabled: true
JSON Template
{
"Resources": {
"daxCluster": {
"Type": "AWS::DAX::Cluster",
"Properties": {
"SSESpecification": {
"SSEEnabled": true
}
}
}
}
}