Severity: HIGH
Source: Trivy
ID: AVD-AWS-0023

DAX Cluster should always encrypt data at rest

Amazon DynamoDB Accelerator (DAX) encryption at rest provides an additional layer of data protection by helping secure your data from unauthorized access to the underlying storage.

Impact

Data stored at rest in the DAX cluster can be freely read if the underlying storage is compromised.

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption at rest for DAX Cluster (CloudFormation)

Resources:
  daxCluster:
    Type: AWS::DAX::Cluster
    Properties:
      ClusterName: "MyDAXCluster"
      NodeType: "dax.r3.large"
      ReplicationFactor: 1
      IAMRoleARN: "arn:aws:iam::111122223333:role/DaxAccess"
      Description: "DAX cluster created with CloudFormation"
      SSESpecification:
        SSEEnabled: true

Enable encryption at rest for DAX Cluster (Terraform)

resource "aws_dax_cluster" "good_example" {
  // other DAX config

  server_side_encryption {
    enabled = true // enable server-side encryption at rest
  }
}
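
An added example, not part of the original page and not Trivy's own check: a small Python checker that applies this rule to a CloudFormation template in JSON form. It treats a missing SSESpecification, SSEEnabled set to false, or a parameter reference that defaults to false as unencrypted. The sample template, its logical IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample template (CloudFormation JSON form); all names are hypothetical.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {"EncryptDax": {"Type": "String", "Default": "false"}},
  "Resources": {
    "encrypted":   {"Type": "AWS::DAX::Cluster",
                    "Properties": {"SSESpecification": {"SSEEnabled": true}}},
    "missingSse":  {"Type": "AWS::DAX::Cluster", "Properties": {"NodeType": "dax.r3.large"}},
    "disabledSse": {"Type": "AWS::DAX::Cluster",
                    "Properties": {"SSESpecification": {"SSEEnabled": "false"}}},
    "viaParam":    {"Type": "AWS::DAX::Cluster",
                    "Properties": {"SSESpecification": {"SSEEnabled": {"Ref": "EncryptDax"}}}},
    "table":       {"Type": "AWS::DynamoDB::Table", "Properties": {}}
  }
}
""")


def resolve(value, parameters):
    """Resolve a {"Ref": <parameter>} to that parameter's Default, else None."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return parameters.get(value["Ref"], {}).get("Default")
    return value


def is_true(value):
    """Accept a real boolean or the string "true" (parameters are always strings)."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def unencrypted_dax_clusters(template):
    """Return logical IDs of AWS::DAX::Cluster resources without SSEEnabled: true."""
    parameters = template.get("Parameters") or {}
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if resource.get("Type") != "AWS::DAX::Cluster":
            continue
        sse = (resource.get("Properties") or {}).get("SSESpecification") or {}
        # Anything that cannot be shown to be true is reported (fail closed).
        if not is_true(resolve(sse.get("SSEEnabled"), parameters)):
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    for logical_id in unencrypted_dax_clusters(SAMPLE_TEMPLATE):
        print(f"AVD-AWS-0023: DAX cluster '{logical_id}' is not encrypted at rest")
```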