Vulnerabilities
Misconfiguration
Runtime Security
Compliance
AWS > Dynamodb >

Enable At Rest Encryption

HIGH
Source
Trivy
ID
AVD-AWS-0023
cloudformation terraform

DAX Cluster should always encrypt data at rest

Data can be freely read if compromised. Amazon DynamoDB Accelerator (DAX) encryption at rest provides an additional layer of data protection by helping secure your data from unauthorized access to the underlying storage.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption at rest for DAX Cluster

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

Resources:
  GoodExample:
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: MyDAXCluster
      IAMRoleARN: arn:aws:iam::111122223333:role/DaxAccess
      NodeType: dax.r3.large
      ReplicationFactor: 1
      SSESpecification:
        SSEEnabled: true

Enable encryption at rest for DAX Cluster

1
2
3
4
5

resource "aws_dax_cluster" "good_example" {
  server_side_encryption {
    enabled = true // enabled server side encryption
  }
}
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use