Enable Storage Encryption | Vulnerability Database

DocumentDB storage must be encrypted

Unencrypted sensitive data is vulnerable to compromise. Encryption of the underlying storage used by DocumentDB ensures that if their is compromise of the disks, the data is still protected.

Impact

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

Enable storage encryption

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14


Resources:
  GoodExample:
    Type: AWS::DocDB::DBCluster
    Properties:
      DBClusterIdentifier: sample-cluster
      DBClusterParameterGroupName: default.docdb3.6
      StorageEncrypted: true

  InstanceInstanceExample:
    Type: AWS::DocDB::DBInstance
    Properties:
      DBClusterIdentifier: sample-cluster
      DBInstanceClass: db.r5.large
      DBInstanceIdentifier: sample-cluster-instance-0

Remediation Links

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html

Enable storage encryption

1
2
3
4
5
6


resource "aws_docdb_cluster" "good_example" {
  cluster_identifier = "my-docdb-cluster"
  master_username    = "foo"
  master_password    = "mustbeeightchars"
  storage_encrypted  = true
}

Remediation Links

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#storage_encrypted